diff --git a/apps/authentication/backends/passkey/api.py b/apps/authentication/backends/passkey/api.py
index 8f5414122..644636dd2 100644
--- a/apps/authentication/backends/passkey/api.py
+++ b/apps/authentication/backends/passkey/api.py
@@ -22,6 +22,8 @@ class PasskeyViewSet(AuthMixin, FlashMessageMixin, ModelViewSet):
 
     @action(methods=['get', 'post'], detail=False, url_path='register')
     def register(self, request):
+        if request.user.source != 'local':
+            return JsonResponse({'error': _('Only register passkey for local user')}, status=400)
         if request.method == 'GET':
             register_data, state = register_begin(request)
             return JsonResponse(dict(register_data))
diff --git a/apps/authentication/backends/passkey/backends.py b/apps/authentication/backends/passkey/backends.py
index dc7e1349b..4be1687d2 100644
--- a/apps/authentication/backends/passkey/backends.py
+++ b/apps/authentication/backends/passkey/backends.py
@@ -7,3 +7,6 @@ class PasskeyAuthBackend(JMSModelBackend):
     @staticmethod
     def is_enabled():
         return settings.AUTH_PASSKEY
+
+    def user_can_authenticate(self, user):
+        return user.source == 'local'