[UX] Review follow-ups and phase 2 of Passkeys handoff

With the changes done for Passkeys phase 1 handoff (Figma file), now UX needs to revisit the handoff for phase 2 to update content and account settings to reflect decisions and exploration done during the past milestones.

What needs to be discussed before officially added to handoff?

  • What changes are we making in admin sign-in restriction settings? And how restrictions impact user settings and sign-in page?
  • Are we going to allow passkeys to be the only 2FA method in user settings in phase 2? Or are we still going to require a back-up method? Update 19th January 2026:_ This is not in scope for follow-ups, but UX and Product will investigate the possibility of allowing this in the future._
  • On that note, are we introducing the capability for Admins/Group owners to limit which 2FA methods their users can enable? I don't think we should allow disabling passkey exclusively for 2FA if we don't offer the same limitation to other 2FA methods. See here early designs we've prepared for group 2FA management for example in the Mandatory MFA figma file. Update 19th January 2026:_ This is not in scope for follow-ups, but UX and Product will investigate the possibility of allowing this in the future._
  • Has the foundations team approved changing user settings sidebar navigation for phase 2? Issue here
  • Has Tech Writer approved updating "One-time password authenticator" to "Authenticator app" during phase 2? Consider it includes updating documentation as well.
  • Has Tech Writer approved updating "WebAuthn devices" to "Security devices" during phase 2? Consider it includes updating documentation as well.
  • What are the timelines for 2-step username and password sign-in journey? Is this going live before or after phase 2?

What has been reviewed and added on handoff?

  • Email OTP settings
  • Move password to manage authentication page - Issue
  • Sign-in hero journey
  • Introduce flyout Access menu for the following user settings pages: Password & authentication, Personal Access Tokens, SSH keys, GPG keys, Applications, Active sessions, Authentication logs - Issue
  • Update to Admin Settings checkboxes to clarify disabling password for web authentication will also disable passkeys - Issue
  • Update to Group SAML SSO settings checkbox to clarify disabling password authentication will also disable passkeys - Issue

🔗 Handoff Figma link

Edited by Sayo Bittencourt