We want to limit the passkeys (WebAuthn) to sync to iCloud only. Is there a way to detect if the user has enabled iCloud when using the Safari browser?
Can this can be done over WebAuthn or Safari API?
Mac OSX Safari detect if iCloud is enabled
There's no need for you to do anything special here, as passkeys always require iCloud Keychain.. When on a version of Safari that supports passkeys, if the user has iCloud Keychain turned off when trying to use a passkey, they'll be prompted to turn on iCloud Keychain with a link into Settings to do so.
Using the WebAuthn API on Safari (Version 16) desktop via MacOSX browser and iCloud disabled, the user can still save the passkey into their local passkeys without any prompt. Is there something special we need to enable for the prompt to occur?
Yes, but what will happen if the users can't enable their iCloud keychain? We have this issue today where users are already registered on iOS 15 and once they upgraded to iOS 16 they can't use it anymore as their iCloud Keychain is disabled due to enterprise restrictions. We hear more and more complaints from big customers affected by this.