Step 12: Create the device authentication policy
POST {{apiPath}}/environments/{{envID}}/deviceAuthenticationPolicies
The POST /environments/{{envID}}/deviceAuthenticationPolicies operation creates a device authentication policy to specify enabled device types. In this use case, the Email device type must be enabled in the device authentication policy to receive the one-time passcode (OTP) needed to complete the MFA action.
Request Body
```json
{
  "name": "useCaseDeviceAuthPolicy__{{$timestamp}}",
  "sms": {
    "enabled": true,
    "otp": {
      "failure": {"count": 3, "coolDown": {"duration": 0, "timeUnit": "MINUTES"}},
      "lifeTime": {"duration": 30, "timeUnit": "MINUTES"}
    }
  },
  "email": {
    "enabled": true,
    "otp": {
      "failure": {"count": 3, "coolDown": {"duration": 0, "timeUnit": "MINUTES"}},
      "lifeTime": {"duration": 30, "timeUnit": "MINUTES"}
    }
  },
  "mobile": {
    "enabled": true,
    "otp": {
      "failure": {"count": 3, "coolDown": {"duration": 2, "timeUnit": "MINUTES"}},
      "window": {"stepSize": {"duration": 30, "timeUnit": "SECONDS"}}
    },
    "applications": [
      {
        "id": "{{webApp4MfaId}}",
        "push": {"enabled": false},
        "otp": {"enabled": true},
        "deviceAuthorization": {"enabled": true, "extraVerification": "permissive"},
        "autoEnrollment": {"enabled": true},
        "integrityDetection": "permissive"
      }
    ]
  },
  "totp": {
    "enabled": true,
    "otp": {
      "failure": {"count": 3, "coolDown": {"duration": 2, "timeUnit": "MINUTES"}}
    }
  },
  "voice": {
    "enabled": false,
    "otp": {
      "failure": {"count": 3, "coolDown": {"duration": 0, "timeUnit": "MINUTES"}},
      "lifeTime": {"duration": 30, "timeUnit": "MINUTES"}
    }
  },
  "securityKey": {"enabled": true},
  "forSignOnPolicy": false,
  "platform": {"enabled": true},
  "default": false
}
```
HEADERS
Key | Datatype | Required | Description |
---|---|---|---|
Authorization | string | | |
Content-Type | string | | |
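Before a body like the one in this step is sent outside a sandbox, it can be reviewed for settings that weaken the OTP factor. The following is an added example, not part of the original page or of PingOne's tooling: it walks a policy document and reports enabled device types with a zero-length cool-down, a long passcode lifetime, or `permissive` application checks. The 10-minute lifetime threshold, the function names, and the reading of a 0 cool-down as "no lockout delay" are assumptions of this example.

```python
import json

# Review threshold is an assumption for this example, not a PingOne default.
MAX_OTP_LIFETIME_S = 10 * 60
UNIT_SECONDS = {"SECONDS": 1, "MINUTES": 60}  # the two units used in the request body

def to_seconds(span):
    """Convert {"duration": n, "timeUnit": "..."} to seconds."""
    return span["duration"] * UNIT_SECONDS[span["timeUnit"]]

def audit_policy(policy):
    """Return (path, finding) pairs for settings that deserve a review."""
    findings = []
    for method, cfg in policy.items():
        # Skip scalar fields (name, default, ...) and disabled device types.
        if not isinstance(cfg, dict) or not cfg.get("enabled"):
            continue
        otp = cfg.get("otp", {})
        cool_down = otp.get("failure", {}).get("coolDown")
        if cool_down and to_seconds(cool_down) == 0:
            findings.append((f"{method}.otp.failure.coolDown",
                             "no cool-down once the failure count is reached"))
        life_time = otp.get("lifeTime")
        if life_time and to_seconds(life_time) > MAX_OTP_LIFETIME_S:
            findings.append((f"{method}.otp.lifeTime",
                             f"passcode valid for {to_seconds(life_time)} s"))
        for i, app in enumerate(cfg.get("applications", [])):
            base = f"{method}.applications[{i}]"
            if app.get("integrityDetection") == "permissive":
                findings.append((f"{base}.integrityDetection", "permissive"))
            extra = app.get("deviceAuthorization", {}).get("extraVerification")
            if extra == "permissive":
                findings.append((f"{base}.deviceAuthorization.extraVerification", "permissive"))
    return findings

# Constructed sample: a subset of the request body from this step.
SAMPLE_POLICY = json.loads("""{
  "email": {"enabled": true, "otp": {"failure": {"count": 3, "coolDown": {"duration": 0, "timeUnit": "MINUTES"}}, "lifeTime": {"duration": 30, "timeUnit": "MINUTES"}}},
  "mobile": {"enabled": true, "otp": {"failure": {"count": 3, "coolDown": {"duration": 2, "timeUnit": "MINUTES"}}}, "applications": [{"id": "{{webApp4MfaId}}", "integrityDetection": "permissive", "deviceAuthorization": {"enabled": true, "extraVerification": "permissive"}}]},
  "voice": {"enabled": false, "otp": {"failure": {"count": 3, "coolDown": {"duration": 0, "timeUnit": "MINUTES"}}, "lifeTime": {"duration": 30, "timeUnit": "MINUTES"}}},
  "forSignOnPolicy": false
}""")

if __name__ == "__main__":
    for path, finding in audit_policy(SAMPLE_POLICY):
        print(f"{path}: {finding}")
```

Disabled device types such as `voice` are skipped, so the same values there produce no finding.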