Hello everyone,

we would like to enforce passkeys as the only 2-Step Verification method in our organization.

To do so, this Google Workspace Admin Help article suggests us that we would need to enable the "Only security key" option under "Methods" in the "Security > Authentication > 2-Step Verification" page in the Admin console. The Help article also reassures us that "Since the addition of passkeys, the Only security key option now supports both security keys and passkeys as a 2SV method".

However, if we enable this option, and then we try to enable 2-Step Verification on an account, we get the following pages, which requires us to add a security key to not get locked out of the account, even if that account already has a passkey.

To replicate this error, follow these steps:

1. Log in to the account using a passkey, we get the following page:

2. After clicking on "Enroll" we see the following page:

3. If we click on "Turn on 2-Step Verification", it doesn't let us do that because we have to enable at least one of the "Second steps". If we click on "Passkeys and security keys" we reach this page:

Where we can see that the account has a passkey we are "all set". However, If we go back we still cannot enable 2SV and it still asks to add a security key to the account (which already has a passkey):

It seems that the "Only security Key" setting does not work with passkeys (differently from what it is stated in the help page above). Do you have some suggestions regarding this issue?