chore: add TOTP, passkey, and WebAuthn credential import documentation

[pi1814]

Related Issue or Design Document

Checklist

• I have read the contributing guidelines and signed the CLA.
• I have referenced an issue containing the design document if my change introduces a new feature.
• I have read the security policy.
• I confirm that this pull request does not address a security vulnerability.
  If this pull request addresses a security vulnerability,
  I confirm that I got approval (please contact security@ory.com) from the maintainers to push the changes.
• I have added tests that prove my fix is effective or that my feature works.
• I have added the necessary documentation within the code base (if appropriate).

Further comments

Summary by CodeRabbit

• Documentation
  • Expanded importing credentials docs to cover TOTP, passkeys, and WebAuthn.
  • Added guidance on required formats and encoding for each credential type, field requirements, and how imports handle duplicates or replacements.
  • Included notes on RP ID binding implications for passkeys and differences in second-factor vs. passwordless expectations.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 146a7678-f331-4114-bd7b-d53351512f85

📥 Commits

Reviewing files that changed from the base of the PR and between f774821 and 2e157ae.

📒 Files selected for processing (1)

• docs/kratos/manage-identities/25_import-user-accounts-identities.mdx

✅ Files skipped from review due to trivial changes (1)

• docs/kratos/manage-identities/25_import-user-accounts-identities.mdx

---

📝 Walkthrough

Walkthrough

Updates the identity import documentation to add guidance for importing TOTP, passkey, and WebAuthn (second-factor) credentials, including required config fields, encoding expectations, replacement/update behaviors, and an RP ID binding warning for passkeys.

Changes

Cohort / File(s)	Summary
Documentation - Credential Import Guide docs/kratos/manage-identities/25_import-user-accounts-identities.mdx	Expanded identity import docs to cover TOTP (credentials.totp.config.totp_url as an otpauth:// URI), passkeys (credentials.passkey.config with base64-encoded binary fields, required fields, metadata, update rules, RP ID warning), and WebAuthn second-factor credentials (credentials.webauthn.config, similar structure to passkeys; notes on is_passwordless semantics).

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Suggested reviewers

• aeneasr
• unatasha8
• mszekiel

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The PR description contains only the template structure with no actual content filled in; the author did not provide the required big picture description, related issue reference, or meaningful checklist completion for a documentation improvement.	Add a concise description of the documentation changes (why these credential types are important for users), confirm that no security vulnerability is addressed, and complete relevant checklist items appropriately.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and specifically describes the main change: adding documentation for TOTP, passkey, and WebAuthn credential imports, matching the changeset content perfectly.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch chore/add-import-cred-docs

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@docs/kratos/manage-identities/25_import-user-accounts-identities.mdx`:
- Line 132: Update the overview sentence "Ory supports importing credentials for
identities including passwords, social sign-in connections, TOTP, and passkeys."
to also mention WebAuthn (e.g., add "WebAuthn" or "WebAuthn/passkeys") so the
list matches the later full WebAuthn import section; locate and edit that exact
sentence in the document to include WebAuthn in the credentials overview.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 0d4b3c32-1a44-48df-9425-b6af3644ccdc

📥 Commits

Reviewing files that changed from the base of the PR and between 8daf6aa and f774821.

📒 Files selected for processing (1)

• docs/kratos/manage-identities/25_import-user-accounts-identities.mdx