Get your free and exclusive +45-page Authentication Analytics Whitepaper
Read the full blog post

Which browsers support passkey creation in 3rd-party iframe?

Learn which browsers support creating passkeys within third-party iframes, including current limitations and future expectations for WebAuthn Level 3.

Vincent Delitz
Vincent Delitz

Created: April 7, 2025

Updated: May 12, 2026

browsers support passkey third party iframe

Which browsers currently support the creation of passkeys in a third-party iframe context?#

As of now, browser support for creating passkeys within third-party (cross-origin) iframes is evolving rapidly, particularly influenced by the WebAuthn Level 3 specification. Here's the current state of support:

Browsers Supporting Passkey Creation in Third-Party Iframes#

Browsers with Limited or No Support#

Safari: Currently does not support creating passkeys within third-party iframes. Safari allows only authentication (login) via passkeys in cross-origin iframes, but not registration or creation. This limitation is part of Safari's broader restrictions related to cross-origin security. In a payment context, one of the reason for this limitation is that Apple wants to protect its Apple Pay experience and make it stand out against other providers.

WhitepaperEnterprise Icon

Enterprise Passkey Whitepaper. Practical guidance, rollout patterns, and KPIs for passkey programs.

Get Whitepaper

Recommendation#

  • Always verify browser compatibility before implementing a cross-origin iframe passkey flow in production environments.
  • Provide alternative authentication flows (e.g., redirect-based or pop-up-based) to handle browsers with limited support, ensuring consistent user experiences.

For the most accurate and up-to-date compatibility, always check official browser documentation and release notes.

Read the full article#

Corbado

About Corbado

Corbado is the Authentication Intelligence Platform for CIAM teams running consumer authentication at scale. We help you see what IDP logs and generic analytics tools can't: where passkeys, passwords, OTP, social login and fallback journeys succeed, stall or fail, which devices and browsers create friction, and when an OS update silently breaks login. Two products: Corbado Observe layers process mining and observability across authentication journeys. Corbado Connect adds managed passkeys with analytics built in alongside your IDP. VicRoads runs passkeys for 5M+ users with Corbado (+80% passkey activation). Talk to a Passkey Expert

Passkeys & iframes: How to Create & Login with a Passkey?

Read the full article

Discover how to create & login with passkeys in cross-origin iframes with our guide. Learn about iframes in WebAuthn, security policies & implementation.

Read the full article

Read by 5,000+ security leaders.

See what's really happening in your passkey rollout.

Explore the Console

Share this article


LinkedInTwitterFacebook