diff --git a/libs/common/src/webauthn/services/fido2-authenticator.service.spec.ts b/libs/common/src/webauthn/services/fido2-authenticator.service.spec.ts
index de9798853c0..8c25857656c 100644
--- a/libs/common/src/webauthn/services/fido2-authenticator.service.spec.ts
+++ b/libs/common/src/webauthn/services/fido2-authenticator.service.spec.ts
@@ -143,6 +143,19 @@ describe("FidoAuthenticatorService", () => {
 await expect(result).rejects.toThrowError(Fido2AutenticatorErrorCode.NotAllowed);
 });
 
+ /** Devation: Organization ciphers are not checked against excluded credentials, even if the user has access to them. */
+ it("should not inform user of duplication when the excluded credential belongs to an organization", async () => {
+ userInterfaceSession.informExcludedCredential.mockResolvedValue();
+ excludedCipher.organizationId = "someOrganizationId";
+
+ try {
+ await authenticator.makeCredential(params);
+ // eslint-disable-next-line no-empty
+ } catch {}
+
+ expect(userInterfaceSession.informExcludedCredential).not.toHaveBeenCalled();
+ });
+
 it("should not inform user of duplication when input data does not pass checks", async () => {
 userInterfaceSession.informExcludedCredential.mockResolvedValue();
 const invalidParams = await createInvalidParams();
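Review bot: The empty `catch {}` around `authenticator.makeCredential(params)` means this test also passes when the call rejects before the exclude-list lookup is ever reached, so `not.toHaveBeenCalled()` does not prove the organization cipher was skipped. The same pattern is repeated in the second added test (hunk `@@ -204,6 +217,19 @@`). If a rejection later in the flow is expected, say so in place of the bare lint suppression, e.g. `// makeCredential may still reject later in the flow; only the exclusion prompt is under test`, or stub the remaining UI calls and assert on the outcome. The doc comment also has a typo in both hunks: `/** Deviation: Organization ciphers are not checked against excluded credentials, ... */`.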
@@ -204,6 +217,19 @@ describe("FidoAuthenticatorService", () => {
 await expect(result).rejects.toThrowError(Fido2AutenticatorErrorCode.NotAllowed);
 });
 
+ /** Devation: Organization ciphers are not checked against excluded credentials, even if the user has access to them. */
+ it.only("should not inform user of duplication when the excluded credential belongs to an organization", async () => {
+ userInterfaceSession.informExcludedCredential.mockResolvedValue();
+ excludedCipherView.organizationId = "someOrganizationId";
+
+ try {
+ await authenticator.makeCredential(params);
+ // eslint-disable-next-line no-empty
+ } catch {}
+
+ expect(userInterfaceSession.informExcludedCredential).not.toHaveBeenCalled();
+ });
+
 it("should not inform user of duplication when input data does not pass checks", async () => {
 userInterfaceSession.informExcludedCredential.mockResolvedValue();
 const invalidParams = await createInvalidParams();
diff --git a/libs/common/src/webauthn/services/fido2-authenticator.service.ts b/libs/common/src/webauthn/services/fido2-authenticator.service.ts
index 99959b00800..fb8125b2442 100644
--- a/libs/common/src/webauthn/services/fido2-authenticator.service.ts
+++ b/libs/common/src/webauthn/services/fido2-authenticator.service.ts
@@ -273,10 +273,11 @@ export class Fido2AuthenticatorService implements Fido2AuthenticatorServiceAbstr
 return ciphers
 .filter(
 (cipher) =>
- (cipher.type === CipherType.Fido2Key && ids.includes(cipher.id)) ||
- (cipher.type === CipherType.Login &&
- cipher.login.fido2Key != undefined &&
- ids.includes(cipher.login.fido2Key.nonDiscoverableId))
+ cipher.organizationId == undefined &&
+ ((cipher.type === CipherType.Fido2Key && ids.includes(cipher.id)) ||
+ (cipher.type === CipherType.Login &&
+ cipher.login.fido2Key != undefined &&
+ ids.includes(cipher.login.fido2Key.nonDiscoverableId)))
 )
 .map((cipher) => cipher.id);
 }
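Review bot: `it.only` on the added test looks like a leftover from local debugging. A focused test normally makes the runner skip every other test in the spec file, so the rest of the authenticator's checks (including the `NotAllowed` rejection tests visible in the context lines) would silently stop running in CI. Change the line to `it("should not inform user of duplication when the excluded credential belongs to an organization", async () => {`. A lint rule that forbids focused tests would prevent this from reaching the main branch again.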
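Review bot: The new `cipher.organizationId == undefined &&` guard narrows what the exclude list protects against, but the filter carries no comment; the only explanation is a doc comment in the spec file. With this guard, an excluded credential ID stored in an organization cipher no longer matches. Registration then proceeds without the duplicate prompt, and a second credential can be created for the same relying party alongside the organization-held one. State that trade-off above the filter, e.g. `// Deviation: organization ciphers are skipped when matching excluded credentials (<rationale — to be filled in by the author>)`. Also confirm that any other caller of this helper wants the same exclusion; the enclosing method starts above the hunk, so its callers are not visible here.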