My organization is trying to go passwordless by utilizing Touch ID and Ubikeys. Everything is working but there is an issue with chrome. It seems in chrome you are able to bypass MFA with Touch ID using your local password. Below is an example of what I am talking about. This defeats the purpose of MFA by allowing user to just use their password twice. I want to know if anyone else came across this issue or if there was any key value pair that can be deployed in a config profile via jamf to block this. Probably a long shot but thought I'd throw this out into the ether incase anyone else is facing the same challenges. I am also going to reach out to google and okta about this.
The Touch ID interface in Chrome for Okta MFA