URLs/domains automatically permitted direct Security Key attestation

Setting the policy specifies URLs and domains for which no prompt appears when attestation certificates from Security Keys are requested. A signal is also sent to the Security Key indicating that individual attestation may be used. Without this, when sites request attestation of Security Keys, users are prompted in Google Chrome version 65 and later.

URLs will only match as U2F appIDs. Domains only match as webauthn RP IDs. So to cover both U2F and webauthn APIs, list the appID URL and domain for a given site.

Example value:

https://example.com

Supported on: At least Microsoft Windows 7 or Windows Server 2008 family

URLs/domains automatically permitted direct Security Key attestation

Registry HiveHKEY_CURRENT_USER
Registry PathSoftware\Policies\Google\ChromeOS\SecurityKeyPermitAttestation
Value Name{number}
Value TypeREG_SZ
Default Value

chromeos.admx

Administrative Templates (Computers)

Administrative Templates (Users)