This guide walks you through setting up Allthenticate as a FIDO2 security key (passkey) on Windows devices. Once complete, you and your team will be able to sign in to Windows using the Allthenticator app on your phone — no passwords needed.

The guide is split into two parts: steps every user completes on their own device, and admin-only steps that an IT administrator configures once for the entire organization.

Pre-requisites

Before starting, confirm the following on every device that will use Allthenticate:

1. Windows 10 Pro (v1903 or higher) or Windows 11 Pro — Allthenticate requires a Pro edition of Windows. To verify: go to Settings → System → About → Windows specifications and confirm the edition says "Pro" (not "Home").
2. The computer must be Microsoft Entra joined — This is required for FIDO2 passkey sign-in to work. To verify, open a terminal and run: dsregcmd /status. Look for the line that says AzureAdJoined : YES. If it says NO, the device must be joined to Entra before proceeding.
3. You have local administrator privileges on the machine.
4. Ensure that Bluetooth drivers are up-to-date.
5. Bluetooth is enabled — If your computer does not have built-in Bluetooth, we recommend purchasing a Bluetooth Low Energy (BLE) dongle such as this one on Amazon for best performance. We DO NOT recommend using the TP-link BLE dongles.

Per-User Setup

Every user completes these steps on their own device and phone.

Step 1: Install the Software and App

Go to allthenticate.com/downloads and:

• Install the Allthenticate desktop software on your Windows PC.
• Install the Allthenticator app on your phone (iOS or Android).

Step 2: Pair Your Phone

1. Open the Allthenticator app and confirm your email.
2. Open the Allthenticate desktop software — a QR code will appear on screen.