- Type: Suggestion
- Resolution: Unresolved
- Component/s: Mobile

The Jira DC iOS app currently cannot authenticate users requiring both WebAuthn/FIDO2 and SAML in a unified flow due to incompatibilities between its two authentication methods:

- OAuth allows authorization using WebAuthn/FIDO2. However, OAuth doesn't natively interact with SAML-based SSO, as SAML relies on a separate protocol managed by an IdP.
- Embedded Webview handles SAML SSO by loading the IdP's login page. But to access the system keychain and support WebAuthn/FIDO2, the component has to be a system one. While OAuth uses the iOS component (ASWebAuthenticationSession) that works under the hood as Safari, Embedded Webview is located within the Jira DC app and isn't classified as a system component.

Moreover, ASWebAuthenticationSession is limited to a token-based flow and doesn't persist session cookies, making it incompatible with SAML's session management.

In conclusion, the Jira DC iOS app needs a new authentication solution (likely an OIDC-based flow) that supports both WebAuthn/FIDO2 and SSO. This would require an IdP that can either bridge SAML to OIDC (converting SAML assertions to tokens) or natively support both standards in a token-based workflow.
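
The app side of the token-based flow proposed in the conclusion, as an added example that is not Atlassian's code: an OIDC authorization code request with PKCE run through ASWebAuthenticationSession. The IdP endpoint, client ID and redirect scheme are hypothetical, and the IdP is assumed to support the authorization code flow with PKCE.

```swift
import AuthenticationServices
import CryptoKit
import UIKit

enum LoginError: Error { case badCallback, stateMismatch }

final class OIDCLogin: NSObject, ASWebAuthenticationPresentationContextProviding {
    // Hypothetical IdP endpoint, client ID and redirect scheme (assumptions).
    private let authorizeURL = URL(string: "https://idp.example.com/authorize")!
    private let clientID = "example-mobile-client"
    private let scheme = "exampleapp"
    private let window: UIWindow
    private var session: ASWebAuthenticationSession?

    init(window: UIWindow) { self.window = window }

    func presentationAnchor(for session: ASWebAuthenticationSession) -> ASPresentationAnchor { window }

    // base64url without padding, the encoding PKCE (RFC 7636) uses.
    private func b64url(_ data: Data) -> String {
        data.base64EncodedString().replacingOccurrences(of: "+", with: "-")
            .replacingOccurrences(of: "/", with: "_").replacingOccurrences(of: "=", with: "")
    }

    /// Runs the authorization request; yields the code plus the PKCE verifier
    /// that the app needs for the token exchange.
    func start(done: @escaping (Result<(code: String, verifier: String), Error>) -> Void) {
        // UInt8.random draws from the system CSPRNG on Apple platforms.
        let verifier = b64url(Data((0..<32).map { _ in UInt8.random(in: 0...255) }))
        let challenge = b64url(Data(SHA256.hash(data: Data(verifier.utf8))))
        let state = UUID().uuidString
        var c = URLComponents(url: authorizeURL, resolvingAgainstBaseURL: false)!
        c.queryItems = ["response_type": "code", "client_id": clientID, "scope": "openid",
                        "redirect_uri": "\(scheme)://callback", "state": state,
                        "code_challenge": challenge, "code_challenge_method": "S256"]
            .map { URLQueryItem(name: $0.key, value: $0.value) }
        let s = ASWebAuthenticationSession(url: c.url!, callbackURLScheme: scheme) { url, error in
            if let error = error { return done(.failure(error)) }
            // Only the redirect URL is handed back to the app; no IdP cookies are.
            let items = url.flatMap { URLComponents(url: $0, resolvingAgainstBaseURL: false) }?.queryItems ?? []
            func value(_ n: String) -> String? { items.first(where: { $0.name == n })?.value }
            // Reject callbacks whose state does not match the request (CSRF check).
            guard value("state") == state else { return done(.failure(LoginError.stateMismatch)) }
            guard let code = value("code") else { return done(.failure(LoginError.badCallback)) }
            done(.success((code: code, verifier: verifier)))
        }
        s.presentationContextProvider = self
        session = s  // keep a strong reference while the sheet is shown
        s.start()
    }
}
```

The returned code and verifier are then exchanged for tokens at the IdP's token endpoint, and the resulting tokens should be stored in the keychain rather than in app preferences.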