diff --git a/app/main/views/two_factor.py b/app/main/views/two_factor.py
index 31864075c..231859e47 100644
--- a/app/main/views/two_factor.py
+++ b/app/main/views/two_factor.py
@@ -93,8 +93,7 @@ def two_factor_sms():
 def two_factor_webauthn():
     user_id = session['user_details']['id']
     user = User.from_id(user_id)
-    if not user.platform_admin:
-        abort(403)
+    if not user.webauthn_auth:
         abort(403)
diff --git a/tests/app/main/views/test_two_factor.py b/tests/app/main/views/test_two_factor.py
index 03508c426..e02d7d42a 100644
--- a/tests/app/main/views/test_two_factor.py
+++ b/tests/app/main/views/test_two_factor.py
@@ -298,20 +298,6 @@ def test_two_factor_webauthn_should_have_auth_signin_button(
     mock_get_user.assert_called_once_with(platform_admin_user['id'])
-def test_two_factor_webauthn_should_reject_non_platform_admins(
-    client,
-    api_user_active,
-    mock_get_user,
-):
-    api_user_active['auth_type'] = 'webauthn_auth'
-    with client.session_transaction() as session:
-        session['user_details'] = {'id': api_user_active['id'], 'email': api_user_active['email_address']}
-
-    response = client.get(url_for('main.two_factor_webauthn'))
-
-    assert response.status_code == 403
-
-
 def test_two_factor_webauthn_should_reject_non_webauthn_auth_users(
     client,
     platform_admin_user,
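Review bot: With `if not user.webauthn_auth:` now the only gate in two_factor_webauthn, any user whose configured auth type is WebAuthn reaches this view, yet the test hunk in tests/app/main/views/test_two_factor.py only deletes the non-platform-admin 403 test and the remaining tests in view still use `platform_admin_user`, so the newly allowed path (a non-admin WebAuthn user passing the check) has no positive test. Rather than deleting `test_two_factor_webauthn_should_reject_non_platform_admins`, it could be kept with `api_user_active['auth_type'] = 'webauthn_auth'` and its assertion flipped from `403` to the non-rejection outcome the view is expected to produce for such a user. A one-line comment above the check would also record the widened audience for whoever reads the history, e.g. `# access is gated on the user's configured auth type, not on platform_admin`. The hunk header counts two more lines than are shown here, so the tail of two_factor_webauthn is outside this view.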