diff --git a/src/com/android/settings/biometrics/BiometricEnrollActivity.java b/src/com/android/settings/biometrics/BiometricEnrollActivity.java
index af581b85dba..1650d236ffb 100644
--- a/src/com/android/settings/biometrics/BiometricEnrollActivity.java
+++ b/src/com/android/settings/biometrics/BiometricEnrollActivity.java
@@ -135,6 +135,11 @@ public class BiometricEnrollActivity extends InstrumentedActivity {
             if (BiometricUtils.containsGatekeeperPasswordHandle(getIntent())) {
                 mGkPwHandle = BiometricUtils.getGatekeeperPasswordHandle(getIntent());
             }
+        } else if (WizardManagerHelper.isAnySetupWizard(getIntent())) {
+            if (BiometricUtils.containsGatekeeperPasswordHandle(getIntent())) {
+                mGkPwHandle = BiometricUtils.getGatekeeperPasswordHandle(getIntent());
+            }
+
         }
 
         if (savedInstanceState != null) {
diff --git a/src/com/android/settings/password/ChooseLockSettingsHelper.java b/src/com/android/settings/password/ChooseLockSettingsHelper.java
index 26e84bed15f..9657175c2e5 100644
--- a/src/com/android/settings/password/ChooseLockSettingsHelper.java
+++ b/src/com/android/settings/password/ChooseLockSettingsHelper.java
@@ -350,7 +350,7 @@ public final class ChooseLockSettingsHelper {
                 Utils.enforceSameOwner(mActivity, mUserId);
             }
 
-            if (mExternal && mReturnCredentials) {
+            if (mExternal && mReturnCredentials && !mRemoteLockscreenValidation) {
                 throw new IllegalArgumentException("External and ReturnCredentials specified. "
                         + " External callers should never be allowed to receive credentials in"
                         + " onActivityResult");
diff --git a/src/com/android/settings/password/ConfirmDeviceCredentialActivity.java b/src/com/android/settings/password/ConfirmDeviceCredentialActivity.java
index fbcebb8fe5f..fabca6bb983 100644
--- a/src/com/android/settings/password/ConfirmDeviceCredentialActivity.java
+++ b/src/com/android/settings/password/ConfirmDeviceCredentialActivity.java
@@ -235,12 +235,15 @@ public class ConfirmDeviceCredentialActivity extends FragmentActivity {
                     .setRemoteLockscreenValidationSession(remoteLockscreenValidationSession)
                     .setRemoteLockscreenValidationServiceComponent(
                             remoteLockscreenValidationServiceComponent)
+                    .setRequestGatekeeperPasswordHandle(true)
+                    .setReturnCredentials(true) // returns only password handle.
                     .setHeader(mTitle) // Show the title in the header location
                     .setDescription(mDetails)
                     .setCheckboxLabel(checkboxLabel)
                     .setAlternateButton(alternateButton)
                     .setExternal(true)
                     .show();
+            return;
         } else if (isEffectiveUserManagedProfile && isInternalActivity()) {
             mCredentialMode = CREDENTIAL_MANAGED;
             if (isBiometricAllowed(effectiveUserId, mUserId)) {
diff --git a/src/com/android/settings/password/ConfirmLockPassword.java b/src/com/android/settings/password/ConfirmLockPassword.java
index 427b4ffdbae..81bd8c231a6 100644
--- a/src/com/android/settings/password/ConfirmLockPassword.java
+++ b/src/com/android/settings/password/ConfirmLockPassword.java
@@ -26,6 +26,10 @@ import static android.app.admin.DevicePolicyResources.Strings.Settings.WORK_PROF
 import static android.app.admin.DevicePolicyResources.Strings.Settings.WORK_PROFILE_PIN_REQUIRED;
 import static android.app.admin.DevicePolicyResources.UNDEFINED;
 
+import static com.android.settings.biometrics.GatekeeperPasswordProvider.containsGatekeeperPasswordHandle;
+import static com.android.settings.biometrics.GatekeeperPasswordProvider.getGatekeeperPasswordHandle;
+import static com.android.settings.password.ChooseLockSettingsHelper.EXTRA_KEY_GK_PW_HANDLE;
+
 import android.annotation.Nullable;
 import android.app.KeyguardManager;
 import android.app.RemoteLockscreenValidationResult;
@@ -614,7 +618,7 @@ public class ConfirmLockPassword extends ConfirmDeviceCredentialBaseActivity {
                         saveAndFinishWorker.setListener(this);
                         saveAndFinishWorker.start(
                                 mLockPatternUtils,
-                                /* requestGatekeeperPassword= */ false,
+                                /* requestGatekeeperPassword= */ true,
                                 mDeviceCredentialGuess,
                                 /* currentCredential= */ null,
                                 mEffectiveUserId);
@@ -705,8 +709,14 @@ public class ConfirmLockPassword extends ConfirmDeviceCredentialBaseActivity {
             if (mDeviceCredentialGuess != null) {
                 mDeviceCredentialGuess.zeroize();
             }
+
+            Intent result = new Intent();
+            if (mRemoteValidation && containsGatekeeperPasswordHandle(resultData)) {
+                result.putExtra(EXTRA_KEY_GK_PW_HANDLE, getGatekeeperPasswordHandle(resultData));
+            }
+
             mGlifLayout.setProgressBarShown(false);
-            mCredentialCheckResultTracker.setResult(/* matched= */ true, new Intent(),
+            mCredentialCheckResultTracker.setResult(/* matched= */ true, result,
                     /* timeoutMs= */ 0, mEffectiveUserId);
         }
     }
diff --git a/src/com/android/settings/password/ConfirmLockPattern.java b/src/com/android/settings/password/ConfirmLockPattern.java
index c664daf9565..7c217399cd5 100644
--- a/src/com/android/settings/password/ConfirmLockPattern.java
+++ b/src/com/android/settings/password/ConfirmLockPattern.java
@@ -22,6 +22,10 @@ import static android.app.admin.DevicePolicyResources.Strings.Settings.WORK_PROF
 import static android.app.admin.DevicePolicyResources.Strings.Settings.WORK_PROFILE_PATTERN_REQUIRED;
 import static android.app.admin.DevicePolicyResources.UNDEFINED;
 
+import static com.android.settings.biometrics.GatekeeperPasswordProvider.containsGatekeeperPasswordHandle;
+import static com.android.settings.biometrics.GatekeeperPasswordProvider.getGatekeeperPasswordHandle;
+import static com.android.settings.password.ChooseLockSettingsHelper.EXTRA_KEY_GK_PW_HANDLE;
+
 import android.annotation.Nullable;
 import android.annotation.SuppressLint;
 import android.app.Activity;
@@ -627,7 +631,7 @@ public class ConfirmLockPattern extends ConfirmDeviceCredentialBaseActivity {
                         saveAndFinishWorker.setListener(this);
                         saveAndFinishWorker.start(
                                 mLockPatternUtils,
-                                /* requestGatekeeperPassword= */ false,
+                                /* requestGatekeeperPassword= */ true,
                                 mDeviceCredentialGuess,
                                 /* currentCredential= */ null,
                                 mEffectiveUserId);
@@ -732,8 +736,14 @@ public class ConfirmLockPattern extends ConfirmDeviceCredentialBaseActivity {
             if (mDeviceCredentialGuess != null) {
                 mDeviceCredentialGuess.zeroize();
             }
+
+            Intent result = new Intent();
+            if (mRemoteValidation && containsGatekeeperPasswordHandle(resultData)) {
+                result.putExtra(EXTRA_KEY_GK_PW_HANDLE, getGatekeeperPasswordHandle(resultData));
+            }
+
             mGlifLayout.setProgressBarShown(false);
-            mCredentialCheckResultTracker.setResult(/* matched= */ true, new Intent(),
+            mCredentialCheckResultTracker.setResult(/* matched= */ true, result,
                     /* timeoutMs= */ 0, mEffectiveUserId);
         }
     }