URLs/domains automatically permitted direct Security Key attestation

Specifies URLs and domains for which no prompt will be shown when attestation certificates from Security Keys are requested. Additionally, a signal will be sent to the Security Key indicating that individual attestation may be used. Without this, users will be prompted in Chrome 65+ when sites request attestation of Security Keys.

URLs (like https://example.com/some/path) will only match as U2F appIDs. Domains (like example.com) only match as webauthn RP IDs. Thus, to cover both U2F and webauthn APIs for a given site, both the appID URL and domain would need to be listed.

Example value:

https://example.com

Supported on: At least Microsoft Windows 7 or Windows Server 2008 family

URLs/domains automatically permitted direct Security Key attestation

Registry HiveHKEY_CURRENT_USER
Registry PathSoftware\Policies\Google\ChromeOS\SecurityKeyPermitAttestation
Value Name{number}
Value TypeREG_SZ
Default Value

chromeos.admx

Administrative Templates (Computers)

Administrative Templates (Users)