Zscaler Identity (ZIdentity) supports modern, phishing-resistant passwordless authentication using the FIDO2 standard. FIDO2 combines Web Authentication (WebAuthn) and the Client to Authenticator Protocol (CTAP2) to enable users to authenticate with security keys or built-in platform authenticators (such as biometric sensors) without transmitting or storing a reusable password. The Digital Transformation Engineer documentation explains that when a user registers a FIDO2 authenticator with ZIdentity, the service stores a public key tied to that device and account. Future logins are validated using a cryptographic challenge–response, providing strong protection against credential theft and replay attacks.
By contrast, SAML (option B) and OIDC (option C) are federation protocols used for single sign-on (SSO) and identity delegation between an identity provider and service providers; they do not themselves define how passwordless authentication is performed. They can carry assertions from an IdP that might use FIDO2 behind the scenes, but SAML and OIDC are not the passwordless method. SCIM (option D) is a provisioning standard for creating, updating, and deprovisioning identities and groups, not an authentication protocol.
Therefore, the only option that directly represents the protocol enabling passwordless login to a ZIdentity account is FIDO2.
===========
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit