From face000654c56f0c3f030f6cf9be7de52d4a3789 Mon Sep 17 00:00:00 2001 From: Firdevs ARSLAN Date: Fri, 19 Jun 2026 18:22:09 +0200 Subject: [PATCH 1/6] feat(account): added 1FA method --- .../account/how-to/log-in-to-the-console.mdx | 6 +++++ pages/account/how-to/use-2fa.mdx | 23 ++++++++++++++++--- .../cannot-log-into-my-account.mdx | 4 +++- 3 files changed, 29 insertions(+), 4 deletions(-) diff --git a/pages/account/how-to/log-in-to-the-console.mdx b/pages/account/how-to/log-in-to-the-console.mdx index 6e0c58ac77..379e51f2bf 100644 --- a/pages/account/how-to/log-in-to-the-console.mdx +++ b/pages/account/how-to/log-in-to-the-console.mdx @@ -33,6 +33,12 @@ This page describes the different login methods available and what to consider b 2. Complete the login on the respective SSO page. 3. If multifactor authentication (MFA) is enabled, enter the authentication code when prompted. + + 1. Click **Continue with your passkey**. + 2. Follow the steps in your password manager to complete verification. + + Once the passkey is validated, you are redirected to the Organization dashboard. + Instead of a password, you can log in with a one-time code sent to your email address. The code can only be used once and expires after 10 minutes. diff --git a/pages/account/how-to/use-2fa.mdx b/pages/account/how-to/use-2fa.mdx index ba32a02545..5b6b42aa7a 100644 --- a/pages/account/how-to/use-2fa.mdx +++ b/pages/account/how-to/use-2fa.mdx @@ -87,25 +87,42 @@ At login, Scaleway issues a challenge that your device signs with the private ke Passkeys are currently only available for account Owners, not IAM Members. +You can use a passkey in two ways: + + - As a second factor (2FA): after entering your password, SSO credentials, or an authentication code, a passkey confirms your identity. + - As a passwordless login method (1FA): if your passkey supports identity verification, it handles both factors in a single gesture, no password required. + +Identity verification means your device confirms that you are the authorized owner before releasing the passkey, typically via a biometric check (fingerprint, Face ID) or a PIN. A macOS passkey protected by Touch ID is an example of a passkey that supports identity verification. + +Not all passkeys support identity verification. If the console still asks for a password or another factor after you authenticate with your passkey, refer to the troubleshooting page [I cannot use my passkey as a passwordless login](/account/troubleshooting/cannot-use-passkey/). + - [Owner](/iam/concepts/#owner) status - Set up a [password manager](/account/concepts/#password-manager) on your device 1. Go to your [Account Security](https://console.scaleway.com/settings/account/security) page. -2. Click **+ Add passkey** in the Multifactor authentication section. A pop-up displays. +2. Click **+ Add passkey** in the Authentication methods section. A pop-up displays. 3. Enter the passkey name you configured in your password manager. 4. Click **Start**. Your password manager will be prompted and a pop-up may appear in your browser. 5. Follow your password manager's instructions to complete the setup. A confirmation message displays once the passkey is successfully added. 6. Click **Close**. -Your passkeys are now listed in the Multifactor authentication section. +### Upgrade a passkey to passwordless login + +1. Go to your [Account Security](https://console.scaleway.com/settings/account/security) page. +2. Click > **Upgrade to passwordless login** next to the passkey you want upgrade. A pop-up displays. +3. Click **Upgrade to passwordless login**. Your password manager will be prompted, and a pop-up may appear in your browser to check identity verification. +4. Follow your password manager's instructions to complete the setup. A confirmation message displays once the passkey is upgraded. +5. Click **Close**. + +If the upgrade fails, refer to the troubleshooting page [I cannot use my passkey as a passwordless login](/account/troubleshooting/cannot-use-passkey/). ### Delete a passkey 1. Go to your [Account Security](https://console.scaleway.com/settings/account/security) page. -2. Click next to the passkey you want to delete in the Multifactor authentication section. A pop-up displays. +2. Click > **Delete** next to the passkey you want to delete in the Multifactor authentication section. A pop-up displays. 3. Type **DELETE** in the box to confirm and click **Delete passkey**. The passkey is removed from your Scaleway account. diff --git a/pages/account/troubleshooting/cannot-log-into-my-account.mdx b/pages/account/troubleshooting/cannot-log-into-my-account.mdx index 33d978f5fe..998f582d1e 100644 --- a/pages/account/troubleshooting/cannot-log-into-my-account.mdx +++ b/pages/account/troubleshooting/cannot-log-into-my-account.mdx @@ -58,4 +58,6 @@ After analyzing your documents, our team will deactivate your two-factor authent ## SSO authentication is not working -If the email address of your Google, Microsoft, or GitHub account does not match the email address associated with your Scaleway account, you will not be able to log in using SSO. Make sure both email addresses are the same. \ No newline at end of file +If the email address of your Google, Microsoft, or GitHub account does not match the email address associated with your Scaleway account, you will not be able to log in using SSO. Make sure both email addresses are the same. + +## My passkey is not working \ No newline at end of file From b3be395a5b8e540836ebb6a386e5d459a0bc043f Mon Sep 17 00:00:00 2001 From: Firdevs ARSLAN Date: Fri, 19 Jun 2026 18:22:39 +0200 Subject: [PATCH 2/6] Updated 1FA method --- pages/account/how-to/use-2fa.mdx | 2 +- pages/account/troubleshooting/cannot-log-into-my-account.mdx | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/pages/account/how-to/use-2fa.mdx b/pages/account/how-to/use-2fa.mdx index 5b6b42aa7a..fb3754e607 100644 --- a/pages/account/how-to/use-2fa.mdx +++ b/pages/account/how-to/use-2fa.mdx @@ -89,7 +89,7 @@ At login, Scaleway issues a challenge that your device signs with the private ke You can use a passkey in two ways: - - As a second factor (2FA): after entering your password, SSO credentials, or an authentication code, a passkey confirms your identity. + - As a second factor login method (2FA): after entering your password, SSO credentials, or an authentication code, a passkey confirms your identity. - As a passwordless login method (1FA): if your passkey supports identity verification, it handles both factors in a single gesture, no password required. Identity verification means your device confirms that you are the authorized owner before releasing the passkey, typically via a biometric check (fingerprint, Face ID) or a PIN. A macOS passkey protected by Touch ID is an example of a passkey that supports identity verification. diff --git a/pages/account/troubleshooting/cannot-log-into-my-account.mdx b/pages/account/troubleshooting/cannot-log-into-my-account.mdx index 998f582d1e..617691acef 100644 --- a/pages/account/troubleshooting/cannot-log-into-my-account.mdx +++ b/pages/account/troubleshooting/cannot-log-into-my-account.mdx @@ -60,4 +60,5 @@ After analyzing your documents, our team will deactivate your two-factor authent If the email address of your Google, Microsoft, or GitHub account does not match the email address associated with your Scaleway account, you will not be able to log in using SSO. Make sure both email addresses are the same. -## My passkey is not working \ No newline at end of file +## My passkey is not working + From 53dadc17d607b70580ecbbce189bb96ff328bcd3 Mon Sep 17 00:00:00 2001 From: Firdevs ARSLAN Date: Fri, 26 Jun 2026 20:37:21 +0200 Subject: [PATCH 3/6] Updated MFA pages --- .../account/how-to/log-in-to-the-console.mdx | 84 +++++++++------- pages/account/how-to/use-2fa.mdx | 98 +++++++++---------- 2 files changed, 94 insertions(+), 88 deletions(-) diff --git a/pages/account/how-to/log-in-to-the-console.mdx b/pages/account/how-to/log-in-to-the-console.mdx index 379e51f2bf..53765cabe2 100644 --- a/pages/account/how-to/log-in-to-the-console.mdx +++ b/pages/account/how-to/log-in-to-the-console.mdx @@ -1,9 +1,9 @@ --- -title: How to log in to the console +title: Log in to the console description: Steps to log in to the Scaleway console. tags: account login password access magic-link magic link authentication code SSO dates: - validation: 2026-03-24 + validation: 2026-06-26 posted: 2024-06-11 --- import LoginMember from '@macros/iam/login-member.mdx' @@ -11,57 +11,71 @@ import Requirements from '@macros/iam/requirements.mdx' import image from './assets/scaleway-auth-code.webp' -The Scaleway console supports several authentication methods, including email and password, one-time authentication codes, and Single Sign-On (SSO) via Google, GitHub, or SAML. The options available to you depend on your role within an Organization and the Organization configuration. +The Scaleway console supports several authentication methods. The options available depend on your role and your Organization's configuration. -An IAM user is a human user in an Organization. Identify which IAM user you are: - - **Owner**: You are the Owner of the Organization that was created with your account. You manage the root account and log in directly. - - **Member**: You are a Member when you are added to an Organization by an Owner or user with IAM Manager permissions. Members exist only within the specific Organizations in which they are created. They must identify their Organization ID before logging in. +**Identify your role before logging in:** -This page describes the different login methods available and what to consider based on your role. + - **Owner** - You created the account and are the Owner of your Organization. You log in directly to the [console](https://console.scaleway.com). + - **Member** - You were added to an Organization by an Owner or a user with IAM Manager permissions. You must identify your Organization ID before logging in. - A [Scaleway](https://www.scaleway.com/en/) account -- Know your IAM user type: Owner or Member -## Log in as an Organization Owner +## Log in as an Owner -1. Go to the [Scaleway console](https://account.scaleway.com/). - - - 1. Click the **Google**, **Microsoft**, or **GitHub** logo for the account you want to use. - 2. Complete the login on the respective SSO page. - 3. If multifactor authentication (MFA) is enabled, enter the authentication code when prompted. - - - 1. Click **Continue with your passkey**. - 2. Follow the steps in your password manager to complete verification. +The console supports the following authentication methods for Owners: + +- **Passkey** (if registered): your browser detects your passkey automatically and prompts you to authenticate with it before asking for your email. If your passkey supports user verification, this single step satisfies both authentication factors. +- **Email and password** +- **One-time authentication code** (sent by email) +- **Single Sign-On (SSO)** via Google, GitHub, or SAML + + + + 1. Go to the [Scaleway console](https://account.scaleway.com/). + 2. Click the **Google**, **Microsoft**, or **GitHub** logo for the account you want to use. + 3. Complete the login on the respective SSO page. + 4. If multifactor authentication (MFA) is enabled, enter the authentication code when prompted. + + + 1. Go to the [Scaleway console](https://account.scaleway.com/). + 2. Click **Continue with your passkey**. + 3. Follow the steps in your password manager to complete verification. - Once the passkey is validated, you are redirected to the Organization dashboard. - - - Instead of a password, you can log in with a one-time code sent to your email address. The code can only be used once and expires after 10 minutes. + Once the passkey is validated, you are redirected to the Organization dashboard. + + + If your passkey supports identity verification (such as Touch ID on macOS or Windows Hello), this single step satisfies both authentication factors and you are logged in immediately — no password or TOTP code required. If your passkey does not support identity verification, you will be prompted for a second factor after this step. + + + If you registered a passkey but do not see the **Continue with your passkey** option, it may not be detected on this device. Continue with another method and see [I cannot use my passkey as a passwordless login](/account/troubleshooting/cannot-use-passkey/) if needed. + + + + Instead of a password, you can log in with a one-time code sent to your email address. The code can only be used once and expires after 10 minutes. - 1. Enter your email address and click **Send authentication code**. - A code will be sent to your email inbox. - 2. Open the email with the subject **Use the authentication code to access your account** in your inbox. - 3. Copy the code and enter it in the Scaleway console. - + 1. Go to the [Scaleway console](https://account.scaleway.com/). + 2. Enter your email address and click **Send authentication code**. You will receive a code on your email inbox. + 3. Open the email with the subject **Use the authentication code to access your account**. + 4. Copy the code and enter it in the Scaleway console. + You will be authenticated and redirected to the console. If you log out from the console and want to log in again without your password, you will need to request a new code by repeating the steps above. - - - 1. Click **Log in with password**. - 2. Enter your email address and password, then click **Log in**. - 3. If multifactor authentication (MFA) is activated, enter the authentication code when prompted. - + + + 1. Go to the [Scaleway console](https://account.scaleway.com/). + 2. Click **Log in with password**. + 3. Enter your email address and password, then click **Log in**. + 4. If multifactor authentication (MFA) is activated, enter the authentication code when prompted. + -## Log in as an IAM Member +## Log in as a Member Adding you as an [IAM Member](/iam/concepts#member) to an Organization automatically creates a Scaleway account for you. An Organization administrator must provide you with a username, email address, and Organization ID (or a direct login link) for you to log in. diff --git a/pages/account/how-to/use-2fa.mdx b/pages/account/how-to/use-2fa.mdx index fb3754e607..ae8065f10b 100644 --- a/pages/account/how-to/use-2fa.mdx +++ b/pages/account/how-to/use-2fa.mdx @@ -1,74 +1,62 @@ --- -title: How to use Multifactor Authentication (MFA) +title: Use Multifactor Authentication (MFA) description: Enable and use Two-Factor Authentication (2FA) in Scaleway. tags: authentication 2FA two-factor two multifactor security google authenticator dates: - validation: 2025-03-24 + validation: 2026-06-26 posted: 2022-01-14 --- import Requirements from '@macros/iam/requirements.mdx' -Multifactor authentication (MFA) adds extra layers of security to your Scaleway account. Beyond your password, MFA requires one or more additional verification factors to grant access — meaning your account stays protected even if your password is compromised. +Multifactor authentication (MFA) adds a second verification step when you log in to the Scaleway console. Even if someone obtains your password, they cannot access your account without this second factor. -Two MFA methods are available: - - **One-time password (TOTP)** - a unique, time-based code generated by an authenticator app. - - **Passkey** - a passwordless authentication method that removes the need to create, manage, or remember passwords. - - - As an account Owner, you can enable both MFA methods simultaneously. We recommend keeping at least one method active at all times to maintain account security. - +Scaleway supports two MFA methods: + - **One-time password (TOTP)** - a unique, time-based code generated by an authenticator app on your phone. Available to all account types (Owners and IAM Members). + - **Passkey** - a passwordless method based on public-key cryptography (WebAuthn standard). Passkeys can act as a second factor, or — if your device supports identity verification — as a complete single-step login that handles both factors at once. Available to account Owners only. + +As an account Owner, you can enable both methods simultaneously. You must keep at least one method active at all times to maintain account security. - A Scaleway account logged in to the [console](https://console.scaleway.com) +- [Owner](/iam/concepts/#owner) status or [IAM permissions](/iam/concepts/#permission) allowing you to perform actions in the intended Organization + +## TOTP authentication -## Enable TOTP +To use TOTP, you first need to install an authenticator app on your phone. Once set up, the app generates rotating codes used to verify your identity at login. Popular TOTP apps include [Google Authenticator](https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en&gl=US), [Authy](https://authy.com/download/), and [FreeOTP](https://freeotp.github.io/). -To use TOTP on your account, you first need to install an authenticator app on your phone. Once set up, the TOTP app generates a rotating set of time-based codes used to verify your identity at login. Popular TOTP apps include: -- [Authy](https://authy.com/download/) -- [FreeOTP](https://freeotp.github.io/) -- [Google Authenticator](https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en&gl=US) +### Enable TOTP 1. Download and install an app of your choice on your phone. 2. Go to your [Account Security](https://console.scaleway.com/settings/account/security) page. + If you are logged in as an [IAM Member](/iam/concepts/#member), click **Credentials** in your user overview page. +3. In the **Authentication methods** section, click **Set up TOTP**. A pop-up appears. +4. Scan the QR code with your authenticator app, or manually enter the setup code shown if you cannot scan it. Your app will begin generating 6-digit codes for your Scaleway account. +5. Enter the current 6-digit code from your app into the box and click **Submit**. +6. Download or copy the backup codes displayed, and store them somewhere safe. - If you are logged in as an [IAM Member](/iam/concepts/#member), click **Credentials** in your user overview page. + Your backup codes are the only way to recover access to your account if you lose your phone or authenticator app. Each code can only be used once. Store them securely — for example in a password manager. -3. Click **Set up TOTP** in the **Multifactor authentication** section. A pop-up displays. -4. Scan the QR code or enter the code shown into your authenticator app. - Your app sets up MFA for your Scaleway account and displays a 6-digit code. -5. Enter the 6-digit code into the box and click **Submit**. -6. Download or copy the backup codes displayed, and store them somewhere safe. These are the only way to recover access to your account if you lose your TOTP app. -TOTP MFA is now enabled on your account. - -From your next login onwards, you will be prompted to enter a TOTP code from your authenticator app. +TOTP MFA is now enabled on your account. From your next login onwards, you will be prompted to enter a 6-digit code from your authenticator app after your primary credentials. ### Update TOTP If you no longer have access to the device where TOTP was set up, you can reconfigure it through the Scaleway console. - - -- [Owner](/iam/concepts/#owner) status or [IAM permissions](/iam/concepts/#permission) allowing you to perform actions in the intended Organization -- [Enabled TOTP](#how-to-enable-totp) on your account - - - If you have lost access to your account and cannot log in, refer to the [Cannot log in to my account](/account/troubleshooting/cannot-log-into-my-account/) troubleshooting procedure. - - 1. Go to your [Account Security](https://console.scaleway.com/settings/account/security) page. -2. Click **Update TOTP** in the Multifactor authentication section. A pop-up displays. -3. Scan the QR code or enter the code shown into your authenticator app. - Your app sets up TOTP for your Scaleway account and displays a 6-digit code. -4. Enter the 6-digit code into the box and click **Submit**. -5. Download or copy the new backup codes and store them somewhere safe. +2. In the **Authentication methods** section, click **Set up TOTP**. A pop-up appears. +3. Scan the QR code with your authenticator app, or manually enter the setup code shown if you cannot scan it. Your app will begin generating 6-digit codes for your Scaleway account. +4. Enter the current 6-digit code from your app into the box and click **Submit**. +5. Download or copy the backup codes displayed, and store them somewhere safe. + +If you have lost access to your account and cannot log in, see [I cannot log in to my account](/account/troubleshooting/cannot-log-into-my-account/). ### Delete TOTP 1. Go to your [Account Security](https://console.scaleway.com/settings/account/security) page. -2. Click **Delete TOTP** in the Multifactor authentication section. A pop-up displays. -3. Type **DELETE** in the box to confirm and click **Delete TOTP**. +2. In the **Authentication methods** section, click **Delete**. A pop-up appears. +3. Type **DELETE** in the box to confirm, and click **Delete TOTP**. TOTP is now disabled on your account. @@ -76,14 +64,14 @@ TOTP is now disabled on your account. If you are a Member of an Organization that enforces MFA, you must re-enable TOTP before the Organization's [grace period](/iam/how-to/comply-with-sec-requirements-member/#grace-period) ends, otherwise your Member account will be locked. -## Enable a passkey +## Passkey authentication A passkey is a passwordless authentication method based on public-key cryptography, supported by the WebAuthn standard. When you create a passkey, your authenticator app generates a key pair: the private key stays on your device, while the public key is sent to Scaleway. At login, Scaleway issues a challenge that your device signs with the private key — Scaleway then verifies it using the public key. - + Passkeys are currently only available for account Owners, not IAM Members. @@ -92,45 +80,49 @@ You can use a passkey in two ways: - As a second factor login method (2FA): after entering your password, SSO credentials, or an authentication code, a passkey confirms your identity. - As a passwordless login method (1FA): if your passkey supports identity verification, it handles both factors in a single gesture, no password required. -Identity verification means your device confirms that you are the authorized owner before releasing the passkey, typically via a biometric check (fingerprint, Face ID) or a PIN. A macOS passkey protected by Touch ID is an example of a passkey that supports identity verification. +Identity verification means your device confirms that you are the authorized owner before releasing the passkey, typically via a biometric check (fingerprint, Face ID) or a PIN. For example, a macOS passkey protected by Touch ID supports identity verification. -Not all passkeys support identity verification. If the console still asks for a password or another factor after you authenticate with your passkey, refer to the troubleshooting page [I cannot use my passkey as a passwordless login](/account/troubleshooting/cannot-use-passkey/). +Not all passkeys support identity verification. If the console still asks for a password or another factor after you authenticate with your passkey, see [I cannot use my passkey as a passwordless login](/account/troubleshooting/cannot-use-passkey/). - [Owner](/iam/concepts/#owner) status - Set up a [password manager](/account/concepts/#password-manager) on your device +### Enable a passkey + 1. Go to your [Account Security](https://console.scaleway.com/settings/account/security) page. -2. Click **+ Add passkey** in the Authentication methods section. A pop-up displays. +2. In the **Authentication methods** section, click **+ Add passkey**. A pop-up opens. 3. Enter the passkey name you configured in your password manager. -4. Click **Start**. Your password manager will be prompted and a pop-up may appear in your browser. +4. Click **Start**. Your password manager will be prompted, and a pop-up may appear in your browser. 5. Follow your password manager's instructions to complete the setup. - A confirmation message displays once the passkey is successfully added. + A message confirms the passkey is successfully added. 6. Click **Close**. ### Upgrade a passkey to passwordless login 1. Go to your [Account Security](https://console.scaleway.com/settings/account/security) page. -2. Click > **Upgrade to passwordless login** next to the passkey you want upgrade. A pop-up displays. +2. Next to the passkey you want upgrade, click > **Upgrade to passwordless login**. A pop-up appears. 3. Click **Upgrade to passwordless login**. Your password manager will be prompted, and a pop-up may appear in your browser to check identity verification. 4. Follow your password manager's instructions to complete the setup. A confirmation message displays once the passkey is upgraded. 5. Click **Close**. -If the upgrade fails, refer to the troubleshooting page [I cannot use my passkey as a passwordless login](/account/troubleshooting/cannot-use-passkey/). +If the upgrade fails, see [I cannot use my passkey as a passwordless login](/account/troubleshooting/cannot-use-passkey/). ### Delete a passkey 1. Go to your [Account Security](https://console.scaleway.com/settings/account/security) page. -2. Click > **Delete** next to the passkey you want to delete in the Multifactor authentication section. A pop-up displays. +2. Next to the passkey you want to delete, click > **Delete**. A pop-up appears. 3. Type **DELETE** in the box to confirm and click **Delete passkey**. The passkey is removed from your Scaleway account. - + Deleting a passkey here only removes it from Scaleway. You may also need to delete it manually from your password manager or authenticator service. -## Troubleshoot TOTP login issues +## Troubleshoot login issues + +If you have problems logging in to the console with TOTP, see [I cannot log in to my account](/account/troubleshooting/cannot-log-into-my-account/#i-have-lost-my-totp-mfa-device). -If you have problems logging in to the console with TOTP, refer to the [dedicated troubleshooting page](/account/troubleshooting/cannot-log-into-my-account/#i-have-lost-my-totp-mfa-device). \ No newline at end of file +If you have problems logging in to the console with a passkey, see [I cannot use my passkey as a passwordless login](/account/troubleshooting/cannot-use-passkey/). \ No newline at end of file From 5d2556fdbbf42990961403bd6fbc3d155e648580 Mon Sep 17 00:00:00 2001 From: Firdevs ARSLAN Date: Mon, 29 Jun 2026 16:51:00 +0200 Subject: [PATCH 4/6] Added troubleshooting page --- .../account/how-to/log-in-to-the-console.mdx | 35 +++++---- .../troubleshooting/cannot-use-passkey.mdx | 74 +++++++++++++++++++ 2 files changed, 91 insertions(+), 18 deletions(-) create mode 100644 pages/account/troubleshooting/cannot-use-passkey.mdx diff --git a/pages/account/how-to/log-in-to-the-console.mdx b/pages/account/how-to/log-in-to-the-console.mdx index 53765cabe2..57e922f6ac 100644 --- a/pages/account/how-to/log-in-to-the-console.mdx +++ b/pages/account/how-to/log-in-to-the-console.mdx @@ -61,10 +61,10 @@ The console supports the following authentication methods for Owners: 4. Copy the code and enter it in the Scaleway console. - You will be authenticated and redirected to the console. + You are authenticated and redirected to the console. - If you log out from the console and want to log in again without your password, you will need to request a new code by repeating the steps above. + If you log out from the console and want to log in again without your password, you need to request a new code by repeating the steps above. @@ -77,23 +77,22 @@ The console supports the following authentication methods for Owners: ## Log in as a Member -Adding you as an [IAM Member](/iam/concepts#member) to an Organization automatically creates a Scaleway account for you. An Organization administrator must provide you with a username, email address, and Organization ID (or a direct login link) for you to log in. +When an Organization administrator adds you as an [IAM member](/iam/concepts#member), a Scaleway account is automatically created for you. To log in, the administrator must provide you with your username, email address, and Organization ID, or a direct login link. 1. Go to the [Scaleway console](https://account.scaleway.com/). 2. Click [Log in as an IAM Member](https://account.scaleway.com/member-login). 3. Enter the Organization ID or alias, then click **Continue**. - - If your Organization admin provided a [link to connect directly](/organizations-and-projects/how-to/set-organization-alias) to your Organization, you can disregard step 3. + + If your Organization admin provided a [link to connect directly](/organizations-and-projects/how-to/set-organization-alias) to your Organization, disregard step 3. 4. Enter your username. 5. Select an authentication method: **Log in with SSO**, **Send code**, or **Enter password**. + - Scaleway supports Single Sign-On (SSO) for a streamlined login experience. By default, you can use your Google or GitHub account, provided the email address linked to your Scaleway account matches the one on your Google or GitHub account. + Scaleway supports Single Sign-On (SSO), letting you log in with your Google or GitHub account. Your SSO email address must match the one linked to your Scaleway account. - - - If your Organization has [set up login via SAML](/iam/how-to/set-up-identity-federation), you must authenticate through your company's configured Identity Provider to log in with SSO. - + If your Organization has [set up login via SAML](/iam/how-to/set-up-identity-federation), you must authenticate through your company's configured Identity Provider to log in with SSO. 1. Click **Sign in with SSO** (for SAML), or click the **Google** or **GitHub** logo (for OAuth2). 2. Complete the login steps in the Identity Provider you are redirected to. @@ -101,13 +100,13 @@ Adding you as an [IAM Member](/iam/concepts#member) to an Organization automatic 1. Click **Send code** to receive a login code in your email. - 2. Enter the code you received by email. + 2. Enter the code you receive by email. If you did not receive the email, try the following steps in order: 1. Check your spam folder. 2. Click **Resend email**. 3. Contact an Organization administrator to confirm your information was correctly registered. - 4. If the issue persists, ask an administrator to [contact support](/account/how-to/open-a-support-ticket/#writing-an-effective-subject-and-description) + 4. If the issue persists, ask an administrator to [contact Scaleway support](/account/how-to/open-a-support-ticket/#writing-an-effective-subject-and-description) 3. Click **Continue**. 4. If multifactor authentication (MFA) is activated, enter the authentication code when prompted. @@ -115,19 +114,19 @@ Adding you as an [IAM Member](/iam/concepts#member) to an Organization automatic 1. Click **Enter password**. 2. Enter your password, then click **Continue**. - 3. If multifactor authentication (MFA) is activated, enter the authentication code when prompted. + 3. If multifactor authentication (MFA) is enabled, enter the authentication code when prompted. ## Log in with MFA -If [Multifactor Authentication (MFA)](/account/how-to/use-2fa) is enabled on your account, you will be prompted for an additional verification step after you enter you credentials. +If [Multifactor Authentication (MFA)](/account/how-to/use-2fa) is enabled on your account, you will be prompted for an additional verification step after you enter your credentials. -Two methods are supported: - - **One-time password (TOTP)** - a unique, time-based validation code generated by an authenticator app - - **Passkey** - a passwordless authentication method that removes the need to create, manage, or remember passwords. +Scaleway supports two methods: + - **One-time password (TOTP)** - a unique, time-based code generated by an authenticator app on your phone. Available to all account types (Owners and IAM Members). + - **Passkey** - a passwordless method based on public-key cryptography (WebAuthn standard). Passkeys can act as a second factor, or — if your device supports identity verification — as a complete single-step login that handles both factors at once. Available to account Owners only. -Once your primary login credentials are validated, you will be redirected to the Multifactor Authentication screen. If both MFA methods are enabled on your account, the **passkey** screen displays by default. +Once your primary login credentials are validated, you are redirected to the Multifactor Authentication screen. If both MFA methods are enabled on your account, the **passkey** screen displays by default. @@ -153,4 +152,4 @@ Once your primary login credentials are validated, you will be redirected to the ## Troubleshoot login issues -If you have problems logging in to the console, refer to the [dedicated troubleshooting page](/account/troubleshooting/cannot-log-into-my-account/). \ No newline at end of file +If you have problems logging in to the console, see [I cannot log in to my account](/account/troubleshooting/cannot-log-into-my-account/). \ No newline at end of file diff --git a/pages/account/troubleshooting/cannot-use-passkey.mdx b/pages/account/troubleshooting/cannot-use-passkey.mdx new file mode 100644 index 0000000000..7a6014b992 --- /dev/null +++ b/pages/account/troubleshooting/cannot-use-passkey.mdx @@ -0,0 +1,74 @@ +--- +title: I cannot use my passkey as a passwordless login +description: Find out why your passkey cannot be used as a standalone login method and how to resolve it. +tags: passkey passwordless account verification error +dates: + validation: 2026-06-29 + posted: 2026-06-29 +--- + +## Problem + +I cannot use my passkey as a standalone login method on the Scaleway console. + +## Symptoms + +- I see a **"Passkey upgrade failed"** error when trying to enable passwordless login for my passkey in **Account Security**. +- The console still asks for a password, TOTP code, or authentication code after I authenticate with my passkey. +- I cancelled or timed out of the verification prompt when trying to upgrade my passkey. + +## Possible causes + +- Your passkey does not support **user verification (UV)** — it only requires a physical touch, with no PIN or biometric configured. +- Your hardware security key has no PIN set. +- Biometrics (Touch ID, Face ID, Windows Hello) are not enabled or enrolled on your device. +- You are using a synced passkey (for example, via iCloud Keychain or Google Password Manager) on a device where biometrics or a PIN are not configured. +- You cancelled the verification prompt during the upgrade flow. +- The verification prompt timed out before you completed it. +- Browser security policies on a company-managed device are preventing user verification. + +## Solution + +**If you see the "Passkey upgrade failed" error and cancelled or timed out:** +Click **Retry** on the error dialog and complete the biometric or PIN prompt when it appears. Make sure biometrics are working correctly on your device before retrying. + +**If your hardware security key has no PIN:** +Set a PIN on your key using its companion app — for example, [YubiKey Manager](https://www.yubico.com/support/download/yubikey-manager/) for YubiKey devices, or your manufacturer's equivalent tool. Once a PIN is set, the key supports User Verification and can be used as a standalone login method. You do not need to re-register the key. + +**If biometrics are not enabled on your device:** + +- **macOS:** Go to **System Settings > Touch ID & Password** and make sure Touch ID is enabled with at least one fingerprint enrolled. +- **Windows:** Go to **Settings > Accounts > Sign-in options** and configure Windows Hello (fingerprint, face recognition, or PIN). +- **iOS/Android:** Make sure biometrics are set up and active in your device settings. +**If you are using a synced passkey on a device without biometrics:** +Set up biometrics or a PIN on the current device, or switch to a device where your passkey's User Verification is active. + +**If you are on a company-managed device:** +Contact your IT administrator to check whether WebAuthn User Verification is permitted in your browser environment. As an alternative, [set a password on your Scaleway account](https://www.scaleway.com/en/docs/account/how-to/change-password/) and use your passkey as a second factor (MFA) instead. + +**If you have lost access to your passkey entirely** (lost device or broken hardware key): + +- **If your account has a password set:** use your recovery code + your password. +- **If your account is passwordless:** use your recovery code + an alternative factor (email code, TOTP, or a secondary passkey if you registered one). + + +Recovery codes must always be paired with a second signal — a recovery code alone is not sufficient to regain access. To start the recovery flow, click **Lost access?** on the [Scaleway console login page](https://console.scaleway.com). + + + +To reduce the risk of being locked out, register a backup passkey and store your recovery codes securely. If the console warns you that your passkey is not backed up to a cloud account, register an additional passkey or save your recovery codes before you need them. + + +## Going further + +If you have tried the solutions above and the issue persists, try the following before contacting support: + +- Remove the passkey from **Account Security > Passkeys** and register it again. +- Make sure your browser is up-to-date. Use a recent version of Chrome, Firefox, Safari, or Edge. +- Try a different browser — some handle biometric prompts differently across platforms. + +If none of the above resolves the issue, [open a support ticket](https://console.scaleway.com/support/tickets/create), specifying: + +- The name of the affected passkey (as shown in your security settings) +- The device and browser you are using +- Whether you see the upgrade error, are prompted for a second factor at login, or both \ No newline at end of file From d708da5269e60320508db8ae03375af52e9aea00 Mon Sep 17 00:00:00 2001 From: Firdevs ARSLAN Date: Mon, 29 Jun 2026 17:38:06 +0200 Subject: [PATCH 5/6] fixed typos --- pages/account/how-to/log-in-to-the-console.mdx | 7 ++++--- pages/account/troubleshooting/cannot-use-passkey.mdx | 12 ++++-------- 2 files changed, 8 insertions(+), 11 deletions(-) diff --git a/pages/account/how-to/log-in-to-the-console.mdx b/pages/account/how-to/log-in-to-the-console.mdx index 57e922f6ac..01736de25f 100644 --- a/pages/account/how-to/log-in-to-the-console.mdx +++ b/pages/account/how-to/log-in-to-the-console.mdx @@ -133,9 +133,10 @@ Once your primary login credentials are validated, you are redirected to the Mul Passkey authentication is currently only available for IAM Owners. - 1. Click **Use passkey**. Your password manager opens. - 2. Follow the steps in your password manager to complete verification. - + 1. Go to the [Scaleway console](https://account.scaleway.com/). + 2. Click **Continue with your passkey**. + 3. Follow the steps in your password manager to complete verification. + Once the passkey is validated, you are redirected to the Organization dashboard. diff --git a/pages/account/troubleshooting/cannot-use-passkey.mdx b/pages/account/troubleshooting/cannot-use-passkey.mdx index 7a6014b992..d303cdb829 100644 --- a/pages/account/troubleshooting/cannot-use-passkey.mdx +++ b/pages/account/troubleshooting/cannot-use-passkey.mdx @@ -19,7 +19,7 @@ I cannot use my passkey as a standalone login method on the Scaleway console. ## Possible causes -- Your passkey does not support **user verification (UV)** — it only requires a physical touch, with no PIN or biometric configured. +- Your passkey does not support user verification — it only requires a physical touch, with no PIN or biometric configured. - Your hardware security key has no PIN set. - Biometrics (Touch ID, Face ID, Windows Hello) are not enabled or enrolled on your device. - You are using a synced passkey (for example, via iCloud Keychain or Google Password Manager) on a device where biometrics or a PIN are not configured. @@ -33,7 +33,7 @@ I cannot use my passkey as a standalone login method on the Scaleway console. Click **Retry** on the error dialog and complete the biometric or PIN prompt when it appears. Make sure biometrics are working correctly on your device before retrying. **If your hardware security key has no PIN:** -Set a PIN on your key using its companion app — for example, [YubiKey Manager](https://www.yubico.com/support/download/yubikey-manager/) for YubiKey devices, or your manufacturer's equivalent tool. Once a PIN is set, the key supports User Verification and can be used as a standalone login method. You do not need to re-register the key. +Set a PIN on your key using its companion app — for example, [YubiKey Manager](https://www.yubico.com/support/download/yubikey-manager/) for YubiKey devices, or your manufacturer's equivalent tool. Once a PIN is set, the key supports user verification and can be used as a standalone login method. You do not need to re-register the key. **If biometrics are not enabled on your device:** @@ -41,20 +41,16 @@ Set a PIN on your key using its companion app — for example, [YubiKey Manager] - **Windows:** Go to **Settings > Accounts > Sign-in options** and configure Windows Hello (fingerprint, face recognition, or PIN). - **iOS/Android:** Make sure biometrics are set up and active in your device settings. **If you are using a synced passkey on a device without biometrics:** -Set up biometrics or a PIN on the current device, or switch to a device where your passkey's User Verification is active. +Set up biometrics or a PIN on the current device, or switch to a device where your passkey's user verification is active. **If you are on a company-managed device:** -Contact your IT administrator to check whether WebAuthn User Verification is permitted in your browser environment. As an alternative, [set a password on your Scaleway account](https://www.scaleway.com/en/docs/account/how-to/change-password/) and use your passkey as a second factor (MFA) instead. +Contact your IT administrator to check whether WebAuthn user verification is permitted in your browser environment. As an alternative, [set a password on your Scaleway account](https://www.scaleway.com/en/docs/account/how-to/change-password/) and use your passkey as a second factor (MFA) instead. **If you have lost access to your passkey entirely** (lost device or broken hardware key): - **If your account has a password set:** use your recovery code + your password. - **If your account is passwordless:** use your recovery code + an alternative factor (email code, TOTP, or a secondary passkey if you registered one). - -Recovery codes must always be paired with a second signal — a recovery code alone is not sufficient to regain access. To start the recovery flow, click **Lost access?** on the [Scaleway console login page](https://console.scaleway.com). - - To reduce the risk of being locked out, register a backup passkey and store your recovery codes securely. If the console warns you that your passkey is not backed up to a cloud account, register an additional passkey or save your recovery codes before you need them. From 7bf881cbe4c9023a081f07f64f5f80cb143c7b8b Mon Sep 17 00:00:00 2001 From: Firdevs ARSLAN Date: Fri, 3 Jul 2026 11:19:32 +0200 Subject: [PATCH 6/6] updates upon review --- .../account/how-to/log-in-to-the-console.mdx | 28 ++++++++++--------- pages/account/how-to/use-2fa.mdx | 16 +++++------ .../troubleshooting/cannot-use-passkey.mdx | 8 +++--- 3 files changed, 26 insertions(+), 26 deletions(-) diff --git a/pages/account/how-to/log-in-to-the-console.mdx b/pages/account/how-to/log-in-to-the-console.mdx index 01736de25f..b7459d7643 100644 --- a/pages/account/how-to/log-in-to-the-console.mdx +++ b/pages/account/how-to/log-in-to-the-console.mdx @@ -26,7 +26,7 @@ The Scaleway console supports several authentication methods. The options availa The console supports the following authentication methods for Owners: -- **Passkey** (if registered): your browser detects your passkey automatically and prompts you to authenticate with it before asking for your email. If your passkey supports user verification, this single step satisfies both authentication factors. +- **Passkey** (if configured): either your browser detects your passkey automatically and prompts you to authenticate with it before asking for your email, or you click **Continue with your passkey**. If your passkey supports user verification, this single step satisfies both authentication factors. - **Email and password** - **One-time authentication code** (sent by email) - **Single Sign-On (SSO)** via Google, GitHub, or SAML @@ -36,20 +36,19 @@ The console supports the following authentication methods for Owners: 1. Go to the [Scaleway console](https://account.scaleway.com/). 2. Click the **Google**, **Microsoft**, or **GitHub** logo for the account you want to use. 3. Complete the login on the respective SSO page. - 4. If multifactor authentication (MFA) is enabled, enter the authentication code when prompted. + 4. If multifactor authentication (MFA) is enabled, complete the additional verification step when prompted. This can be a one-time code from your authenticator app, or a passkey. 1. Go to the [Scaleway console](https://account.scaleway.com/). - 2. Click **Continue with your passkey**. - 3. Follow the steps in your password manager to complete verification. + 2. If your browser detects a passkey for your account, you are automatically prompted to authenticate. Complete the verification step (for example, a fingerprint scan or PIN). If no passkey is detected automatically, click **Continue with your passkey** and follow the steps in your browser or OS prompt to complete verification. Once the passkey is validated, you are redirected to the Organization dashboard. - If your passkey supports identity verification (such as Touch ID on macOS or Windows Hello), this single step satisfies both authentication factors and you are logged in immediately — no password or TOTP code required. If your passkey does not support identity verification, you will be prompted for a second factor after this step. + If your passkey supports user verification (such as Touch ID on macOS or Windows Hello), this single step satisfies both authentication factors and you are logged in immediately — no password or TOTP code required. If your passkey does not support user verification, you are returned to the login form to continue with another method. - If you registered a passkey but do not see the **Continue with your passkey** option, it may not be detected on this device. Continue with another method and see [I cannot use my passkey as a passwordless login](/account/troubleshooting/cannot-use-passkey/) if needed. + If you configured a passkey but cannot connect with it, continue with another method and see [I cannot use my passkey as a passwordless login](/account/troubleshooting/cannot-use-passkey/). @@ -71,10 +70,14 @@ The console supports the following authentication methods for Owners: 1. Go to the [Scaleway console](https://account.scaleway.com/). 2. Click **Log in with password**. 3. Enter your email address and password, then click **Log in**. - 4. If multifactor authentication (MFA) is activated, enter the authentication code when prompted. + 4. If multifactor authentication (MFA) is enabled, complete the additional verification step when prompted. This can be a one-time code from your authenticator app, or a passkey. + + Even if MFA is not enabled on your account, Scaleway may ask you to confirm a one-time authentication code sent by email as an additional security check. + + ## Log in as a Member When an Organization administrator adds you as an [IAM member](/iam/concepts#member), a Scaleway account is automatically created for you. To log in, the administrator must provide you with your username, email address, and Organization ID, or a direct login link. @@ -96,7 +99,7 @@ When an Organization administrator adds you as an [IAM member](/iam/concepts#mem 1. Click **Sign in with SSO** (for SAML), or click the **Google** or **GitHub** logo (for OAuth2). 2. Complete the login steps in the Identity Provider you are redirected to. - 3. If multifactor authentication (MFA) is enabled, enter the authentication code when prompted. + 3. If multifactor authentication (MFA) is enabled, complete the additional verification step when prompted. This can be a one-time code from your authenticator app, or a passkey. 1. Click **Send code** to receive a login code in your email. @@ -109,12 +112,12 @@ When an Organization administrator adds you as an [IAM member](/iam/concepts#mem 4. If the issue persists, ask an administrator to [contact Scaleway support](/account/how-to/open-a-support-ticket/#writing-an-effective-subject-and-description) 3. Click **Continue**. - 4. If multifactor authentication (MFA) is activated, enter the authentication code when prompted. + 4. If multifactor authentication (MFA) is enabled, complete the additional verification step when prompted. This can be a one-time code from your authenticator app, or a passkey. 1. Click **Enter password**. 2. Enter your password, then click **Continue**. - 3. If multifactor authentication (MFA) is enabled, enter the authentication code when prompted. + 3. If multifactor authentication (MFA) is enabled, complete the additional verification step when prompted. This can be a one-time code from your authenticator app, or a passkey. @@ -124,7 +127,7 @@ If [Multifactor Authentication (MFA)](/account/how-to/use-2fa) is enabled on you Scaleway supports two methods: - **One-time password (TOTP)** - a unique, time-based code generated by an authenticator app on your phone. Available to all account types (Owners and IAM Members). - - **Passkey** - a passwordless method based on public-key cryptography (WebAuthn standard). Passkeys can act as a second factor, or — if your device supports identity verification — as a complete single-step login that handles both factors at once. Available to account Owners only. + - **Passkey** - a passwordless method based on public-key cryptography (WebAuthn standard). Passkeys can act as a second factor, or — if your device supports user verification — as a complete single-step login that handles both factors at once. Available to account Owners only. Once your primary login credentials are validated, you are redirected to the Multifactor Authentication screen. If both MFA methods are enabled on your account, the **passkey** screen displays by default. @@ -134,8 +137,7 @@ Once your primary login credentials are validated, you are redirected to the Mul Passkey authentication is currently only available for IAM Owners. 1. Go to the [Scaleway console](https://account.scaleway.com/). - 2. Click **Continue with your passkey**. - 3. Follow the steps in your password manager to complete verification. + 2. If your browser detects a passkey for your account, you are automatically prompted to authenticate. Complete the verification step (for example, a fingerprint scan or PIN). If no passkey is detected automatically, click **Continue with your passkey** and follow the steps in your browser or OS prompt to complete verification. Once the passkey is validated, you are redirected to the Organization dashboard. diff --git a/pages/account/how-to/use-2fa.mdx b/pages/account/how-to/use-2fa.mdx index ae8065f10b..8c7ffcd3d2 100644 --- a/pages/account/how-to/use-2fa.mdx +++ b/pages/account/how-to/use-2fa.mdx @@ -12,9 +12,9 @@ Multifactor authentication (MFA) adds a second verification step when you log in Scaleway supports two MFA methods: - **One-time password (TOTP)** - a unique, time-based code generated by an authenticator app on your phone. Available to all account types (Owners and IAM Members). - - **Passkey** - a passwordless method based on public-key cryptography (WebAuthn standard). Passkeys can act as a second factor, or — if your device supports identity verification — as a complete single-step login that handles both factors at once. Available to account Owners only. + - **Passkey** - a passwordless method based on public-key cryptography (WebAuthn standard). Passkeys can act as a second factor, or — if your device supports user verification — as a complete single-step login that handles both factors at once. Available to account Owners only. -As an account Owner, you can enable both methods simultaneously. You must keep at least one method active at all times to maintain account security. +As an account Owner, you can enable both methods simultaneously. @@ -23,11 +23,11 @@ As an account Owner, you can enable both methods simultaneously. You must keep a ## TOTP authentication -To use TOTP, you first need to install an authenticator app on your phone. Once set up, the app generates rotating codes used to verify your identity at login. Popular TOTP apps include [Google Authenticator](https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en&gl=US), [Authy](https://authy.com/download/), and [FreeOTP](https://freeotp.github.io/). +To use TOTP, you first need to install an authenticator app on your device. Once set up, the app generates rotating codes used to verify your identity at login. Popular TOTP apps include [Google Authenticator](https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en&gl=US), [Authy](https://authy.com/download/), and [FreeOTP](https://freeotp.github.io/). ### Enable TOTP -1. Download and install an app of your choice on your phone. +1. Download and install an app of your choice on your device. 2. Go to your [Account Security](https://console.scaleway.com/settings/account/security) page. If you are logged in as an [IAM Member](/iam/concepts/#member), click **Credentials** in your user overview page. 3. In the **Authentication methods** section, click **Set up TOTP**. A pop-up appears. @@ -77,12 +77,10 @@ At login, Scaleway issues a challenge that your device signs with the private ke You can use a passkey in two ways: - - As a second factor login method (2FA): after entering your password, SSO credentials, or an authentication code, a passkey confirms your identity. - - As a passwordless login method (1FA): if your passkey supports identity verification, it handles both factors in a single gesture, no password required. + - As a passwordless login method (1FA): if your passkey supports user verification, it handles both factors in a single gesture, no password required. User verification means your device confirms that you are the authorized owner before releasing the passkey, typically via a biometric check (fingerprint, Face ID) or a PIN. For example, a macOS passkey protected by Touch ID supports identity verification. + - As a second factor login method (2FA): if your passkey does not support user verification, it acts as a WebAuthn security key — confirming possession of the device after a first factor (password, SSO, or authentication code). -Identity verification means your device confirms that you are the authorized owner before releasing the passkey, typically via a biometric check (fingerprint, Face ID) or a PIN. For example, a macOS passkey protected by Touch ID supports identity verification. - -Not all passkeys support identity verification. If the console still asks for a password or another factor after you authenticate with your passkey, see [I cannot use my passkey as a passwordless login](/account/troubleshooting/cannot-use-passkey/). +Not all passkeys support user verification. If you authenticate with your passkey and are returned to the login form instead of being signed in, see [I cannot use my passkey as a passwordless login](/account/troubleshooting/cannot-use-passkey/). diff --git a/pages/account/troubleshooting/cannot-use-passkey.mdx b/pages/account/troubleshooting/cannot-use-passkey.mdx index d303cdb829..1ec663c26a 100644 --- a/pages/account/troubleshooting/cannot-use-passkey.mdx +++ b/pages/account/troubleshooting/cannot-use-passkey.mdx @@ -14,7 +14,7 @@ I cannot use my passkey as a standalone login method on the Scaleway console. ## Symptoms - I see a **"Passkey upgrade failed"** error when trying to enable passwordless login for my passkey in **Account Security**. -- The console still asks for a password, TOTP code, or authentication code after I authenticate with my passkey. +- After authenticating with my passkey, I am returned to the login form instead of being signed in. - I cancelled or timed out of the verification prompt when trying to upgrade my passkey. ## Possible causes @@ -65,6 +65,6 @@ If you have tried the solutions above and the issue persists, try the following If none of the above resolves the issue, [open a support ticket](https://console.scaleway.com/support/tickets/create), specifying: -- The name of the affected passkey (as shown in your security settings) -- The device and browser you are using -- Whether you see the upgrade error, are prompted for a second factor at login, or both \ No newline at end of file +- The name of the affected passkey (as shown in your security settings). +- The device and browser you are using. +- Whether you see the upgrade error, are returned to the login form, or both. \ No newline at end of file