diff --git a/internal/models/factor.go b/internal/models/factor.go
index e0149907e..a0af48c84 100644
--- a/internal/models/factor.go
+++ b/internal/models/factor.go
@@ -140,6 +140,7 @@ type Factor struct {
 	Phone              storage.NullString  `json:"phone" db:"phone"`
 	LastChallengedAt   *time.Time          `json:"last_challenged_at" db:"last_challenged_at"`
 	WebAuthnCredential *WebAuthnCredential `json:"-" db:"web_authn_credential"`
+	AAGUID             *uuid.UUID          `json:"aaguid" db:"aaguid"`
 }
 
 type WebAuthnCredential struct {
@@ -223,7 +224,18 @@ func (f *Factor) SaveWebAuthnCredential(tx *storage.Connection, credential *weba
 	f.WebAuthnCredential = &WebAuthnCredential{
 		Credential: *credential,
 	}
-	return tx.UpdateOnly(f, "web_authn_credential", "updated_at")
+
+	if len(credential.Authenticator.AAGUID) > 0 {
+		aaguidUUID, err := uuid.FromBytes(credential.Authenticator.AAGUID)
+		if err != nil {
+			return fmt.Errorf("failed to convert AAGUID to UUID: %w", err)
+		}
+		f.AAGUID = &aaguidUUID
+	} else {
+		f.AAGUID = nil
+	}
+
+	return tx.UpdateOnly(f, "web_authn_credential", "aaguid", "updated_at")
 }
 
 func FindFactorByFactorID(conn *storage.Connection, factorID uuid.UUID) (*Factor, error) {
diff --git a/migrations/20240912193726_add_web_authn.up.sql b/migrations/20240930203726_add_web_authn.up.sql
similarity index 70%
rename from migrations/20240912193726_add_web_authn.up.sql
rename to migrations/20240930203726_add_web_authn.up.sql
index c0025c9fd..219b55add 100644
--- a/migrations/20240912193726_add_web_authn.up.sql
+++ b/migrations/20240930203726_add_web_authn.up.sql
@@ -1,2 +1,3 @@
 alter table {{ index .Options "Namespace" }}.mfa_factors add column if not exists web_authn_credential jsonb null;
+alter table {{ index .Options "Namespace" }}.mfa_factors add column if not exists aaguid uuid null;
 alter table {{ index .Options "Namespace" }}.mfa_challenges add column if not exists web_authn_session_data jsonb null;