diff --git a/app/models.py b/app/models.py
index 6f33142d5..dfb70b050 100644
--- a/app/models.py
+++ b/app/models.py
@@ -140,6 +140,17 @@ class User(db.Model):
 def password(self):
 raise AttributeError("Password not readable")
 
+ @property
+ def can_use_webauthn(self):
+ if self.platform_admin:
+ return True
+
+ return any(
+ str(service.organisation_id) == current_app.config['BROADCAST_ORGANISATION_ID'] or
+ str(service.id) == current_app.config['NOTIFY_SERVICE_ID']
+ for service in self.services
+ )
+
 @password.setter
 def password(self, password):
 self._password = hashpw(password)
@@ -179,6 +190,7 @@ class User(db.Model):
 'permissions': self.get_permissions(),
 'platform_admin': self.platform_admin,
 'services': [x.id for x in self.services if x.active],
+ 'can_use_webauthn': self.can_use_webauthn,
 'state': self.state,
 }
 
diff --git a/tests/app/test_model.py b/tests/app/test_model.py
index 0942cdbb9..84e59a19a 100644
--- a/tests/app/test_model.py
+++ b/tests/app/test_model.py
@@ -341,3 +341,17 @@ def test_template_folder_is_parent(sample_service):
 assert folders[0].is_parent_of(folders[4])
 assert folders[1].is_parent_of(folders[2])
 assert not folders[1].is_parent_of(folders[0])
+
+
+@pytest.mark.parametrize('is_platform_admin', (False, True))
+def test_user_can_use_webauthn_returns_false(sample_user, is_platform_admin):
+ sample_user.platform_admin = is_platform_admin
+ assert sample_user.can_use_webauthn == is_platform_admin
+
+
+def test_user_can_use_webauthn_if_in_broadcast_org(sample_broadcast_service):
+ assert sample_broadcast_service.users[0].can_use_webauthn
+
+
+def test_user_can_use_webauthn_if_in_notify_team(notify_service):
+ assert notify_service.users[0].can_use_webauthn
diff --git a/tests/app/user/test_rest.py b/tests/app/user/test_rest.py
index 0e3ac3402..290a55782 100644
--- a/tests/app/user/test_rest.py
+++ b/tests/app/user/test_rest.py
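Review bot: `can_use_webauthn` in app/models.py iterates every entry of `self.services`, while `serialize()` in the following hunk lists only services where `x.active` is true, so a user whose only link to the broadcast organisation or the Notify service is an inactive service is still reported as eligible. If that is not intended, filter the generator with `for service in self.services if service.active`. If it is intended, record the rule in a docstring such as `"""True for platform admins and for members of a broadcast-organisation service or the Notify service (active or not)."""`. The value exposed through `serialize()` is only informational for the client, so whichever endpoint switches a user to WebAuthn should check the same property server-side; that code, like the rest of `User`, is outside this diff.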
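Review bot: `test_user_can_use_webauthn_returns_false` in tests/app/test_model.py is parametrized with `is_platform_admin` set to both `False` and `True`, so for the `True` case the name says the opposite of what is asserted; a name such as `test_user_can_use_webauthn_follows_platform_admin` would match. The three tests cover the positive branches, but none builds a user whose service belongs to some other organisation, which is the case the `any(...)` comparison has to reject; `sample_user` presumably has no services at all. Consider adding one such negative case here, unless the `test_get_user` assertion in tests/app/user/test_rest.py is meant to cover it.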
@@ -72,6 +72,7 @@ def test_get_user(admin_request, sample_service, sample_organisation):
 assert fetched['permissions'].keys() == {str(sample_service.id)}
 assert fetched['services'] == [str(sample_service.id)]
 assert fetched['organisations'] == [str(sample_organisation.id)]
+ assert fetched['can_use_webauthn'] is False
 assert sorted(fetched['permissions'][str(sample_service.id)]) == sorted(expected_permissions)