Question

Jamf Connect - Okta WebAuthn

  • March 22, 2023
  • 5 replies
  • 49 views


Hey all!

We're working on deploying Jamf Connect for our org. In parallel, our security team is working on moving all our MFA for our Okta environment over to WebAuthn with the option of either biometrics or a Yubikey to fulfill it. Does anyone know if Jamf Connect can support WebAuthn methods (or as a bonus, a future state of passwordless with WebAuthn as the only authentication factor)? I've not found any documentation on it, so I'm not hopeful, but wondering if anyone has any experience with this.

Thanks,

Colton

5 replies

  • New Contributor
  • April 27, 2023

Were you ever able to find a solve for this?


  • Author
  • New Contributor
  • April 27, 2023

Were you ever able to find a solve for this?


Got a reply back from our account rep that the Jamf Connect engineering team "recognizes this as a currently desired feature but doesn't have it roadmapped for development at this time." We're going to end up testing a per-app policy for Jamf Connect in Okta that would exclude it from WebAuthn requirements, but the Jamf Connect documentation currently discourages per-app policies.



This is definitely something we would want to implement too, and I find it really surprising, and a bit weird, that WebAuthn doesn't work with Jamf Connect and that it isn't on their roadmap to implement. More and more companies will want to implement phishing-resistant MFA policies, so this should be something high up on their roadmap.


mi-buko
  • New Contributor
  • May 14, 2024

I'm surprised this question isn't being asked more, but I'm guessing it's going to start picking up traction as companies start to adhere to stricter authentication policies. In trying to get this working, we've seen our Okta logs calling out the culprit as the embedded browser JC is using during authentication. It seems to be too old to even know what FIDO2 or WebAuthn is. The only current second factor available with this embedded browser is a phone call. Even the latest version of JC (2.35.0) hasn't made any progress on this:


"Note: Jamf Connect does not currently support hardware-based security keys at the macOS Login Window. Examples of these keys include Personal Identity Verification (PIV), Common Access Card (CAC), and security keys (e.g. Yubikey) in FIDO2, U2F, or smart card mode."


I don't know if it'll get much attention and I'm not holding my breath, but I've put in a feature request to get this looked at. This has to be putting some serious restrictions on the adoption of Jamf Connect across at least a few enterprise customers. Or maybe it's just me?
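As an added illustration of the log triage described in the post above (this is not code from the thread, nor from Jamf or Okta): a small Python helper that buckets failed Okta System Log MFA events by the client browser Okta identified, so an embedded login-window browser that Okta cannot classify stands out from ordinary desktop browsers. The event shape follows the Okta System Log API as I know it (eventType, outcome, actor, client.userAgent); the sample events, user-agent strings and reason text are constructed for this example.

```python
"""Group failed Okta MFA events by client browser (added triage example)."""
from collections import defaultdict

# Constructed sample events in the shape of the Okta System Log API,
# trimmed to the fields used here. User-agent strings and reason text
# are invented for illustration and are not copied from a real tenant.
SAMPLE_EVENTS = [
    {"published": "2024-05-14T09:00:01.000Z",
     "eventType": "user.authentication.auth_via_mfa",
     "outcome": {"result": "FAILURE", "reason": "FIDO2 factor not available"},
     "actor": {"alternateId": "alice@example.com"},
     "client": {"userAgent": {"browser": "UNKNOWN",
                              "rawUserAgent": "Mozilla/5.0 (constructed embedded login window)"}}},
    {"published": "2024-05-14T09:00:09.000Z",
     "eventType": "user.authentication.auth_via_mfa",
     "outcome": {"result": "FAILURE", "reason": "FIDO2 factor not available"},
     "actor": {"alternateId": "bob@example.com"},
     "client": {"userAgent": {"browser": "UNKNOWN",
                              "rawUserAgent": "Mozilla/5.0 (constructed embedded login window)"}}},
    {"published": "2024-05-14T09:01:00.000Z",
     "eventType": "user.authentication.auth_via_mfa",
     "outcome": {"result": "SUCCESS", "reason": None},
     "actor": {"alternateId": "alice@example.com"},
     "client": {"userAgent": {"browser": "CHROME",
                              "rawUserAgent": "Mozilla/5.0 (constructed desktop Chrome)"}}},
    {"published": "2024-05-14T09:02:00.000Z",
     "eventType": "user.authentication.auth_via_mfa",
     "outcome": {"result": "FAILURE", "reason": "Invalid passcode"},
     "actor": {"alternateId": "carol@example.com"},
     "client": {"userAgent": {"browser": "SAFARI",
                              "rawUserAgent": "Mozilla/5.0 (constructed Safari)"}}},
]


def summarize_mfa_failures(events):
    """Return {browser: {"count", "users", "reasons"}} for failed MFA events."""
    summary = defaultdict(lambda: {"count": 0, "users": set(), "reasons": set()})
    for ev in events:
        if ev.get("eventType") != "user.authentication.auth_via_mfa":
            continue
        if ev.get("outcome", {}).get("result") != "FAILURE":
            continue
        ua = ev.get("client", {}).get("userAgent", {})
        bucket = summary[ua.get("browser") or "UNKNOWN"]
        bucket["count"] += 1
        bucket["users"].add(ev.get("actor", {}).get("alternateId", "?"))
        bucket["reasons"].add(ev.get("outcome", {}).get("reason") or "")
    return dict(summary)


def unrecognized_browser_failures(events):
    """Failures from clients Okta could not classify: a hint of an embedded web view."""
    return {k: v for k, v in summarize_mfa_failures(events).items() if k == "UNKNOWN"}
```

Run against real exported events (for example, the JSON returned by the System Log API), the UNKNOWN bucket's user list tells you which accounts are hitting the login-window browser rather than a normal desktop sign-in.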


  • New Contributor
  • August 5, 2024

The only workaround I have found to enable a Yubico key is to disable JC from the login process; after configuration, Yubico now prompts me for a PIN to sign in.