Get started

Overview
Get started

Applications

Overview
Settings
Theming

API scopes

Overview
Standard scopes

Integration guides

No framework (curl)
Next.js / better-auth
React (SPA)
Expo (React Native)
Flutter
Node.js / Express
Java / Spring Boot
C# / .NET MVC
Go
Python
Other frameworks

Features

Scopes and claims
Prompts
Test users
Single sign-on
Company delegations
Custom delegations
Consent
Skipping passkeys
Device code flow

Troubleshooting

Common issues

Skipping passkeys

After a successful first authentication, Kenni asks the user whether they'd like to register a passkey for faster future sign-ins. The prompt is great for consumer applications where the same user signs in repeatedly from the same device — but it's noise for kiosk-style flows, app store reviewers, one-off enrollments, and back-office tools where every session uses a fresh credential anyway.

The Skip passkey prompt setting hides that screen for a specific application.

Skipping passkeys is a paid feature on a higher plan tier. Get in touch and we'll talk you through pricing and enable it for your team.

Plan and application setup

Skipping the passkey prompt is gated at two levels:

  1. Plan tier. Your team's plan must support the feature. If it doesn't, the toggle isn't shown.
  2. Per application. Each application opts in independently. Open the application's Settings tab in the developer portal and tick Skip passkey prompt.

When enabled, every user signing into that application skips the passkey registration step and lands directly on the consent screen (if applicable) or your redirect_uri.

What it changes

  • No registration prompt. The "Register a passkey?" screen is suppressed for this application.
  • Existing passkeys still work. Users who already have a passkey can continue to use it on the credential prompt — this setting only controls the registration prompt, not the use of passkeys for authentication.
  • Other applications are unaffected. A user who signs into an application with skipping enabled, then later signs into a different application without it, sees the registration prompt on that second application.

Always-skipped: delegated authorizations

Independently of this setting, Kenni never asks for a passkey during a delegated sign-in (prompt=delegation or a session that resolved into a delegation). The actor in a delegation isn't the account the passkey would belong to, and registering one for the subject would let the actor return later and sign in as the subject without authorization. The passkey prompt is therefore skipped for every delegated flow regardless of how this setting is configured.

When to enable it

  • Demo and review applications. App store reviewers and demo users don't benefit from a passkey they'll never reuse.
  • Single-use kiosks where the device isn't tied to one identity.
  • Back-office or admin tools where users sign in rarely and the noise of being prompted every time isn't worth it.

For consumer-facing applications, leave it off — the passkey prompt is the fastest route to a low-friction return user.

Next steps