Create FIDO Policy - all FIDO-certified authenticators
POST {{apiPath}}/environments/{{envID}}/fido2Policies
Use `POST {{apiPath}}/environments/{{envID}}/fido2Policies/` to create a new FIDO policy for an environment.
This example sets `attestationRequirements` to `CERTIFIED` to allow only FIDO-certified authenticators.
Prerequisites
- See FIDO Policies for important overview information.
Property | Type | Required? |
---|---|---|
attestationRequirements | String | Required |
default | Boolean | Optional |
description | String | Optional |
enforceDuringAuthentication | Boolean | Optional |
name | String | Required |
residentKeyRequirement | String | Required |
See the FIDO Policies data model for full property descriptions.
Request Body
```json
{
  "name": "FIDO Policy - allow only FIDO-certified authenticators",
  "description": "FIDO Policy that specifies that only FIDO-certified authenticators can be used",
  "deviceDisplayName": "Fido2 device",
  "discoverableCredentials": "REQUIRED",
  "authenticatorAttachment": "BOTH",
  "userVerification": {
    "enforceDuringAuthentication": true,
    "option": "REQUIRED"
  },
  "backupEligibility": {
    "enforceDuringAuthentication": true,
    "allow": true
  },
  "userDisplayNameAttributes": {
    "attributes": [
      {"name": "username"},
      {"name": "email"}
    ]
  },
  "attestationRequirements": "DIRECT",
  "mdsAuthenticatorsRequirements": {
    "allowedAuthenticators": null,
    "option": "CERTIFIED",
    "enforceDuringAuthentication": true
  },
  "relyingPartyId": "relyingpartydomain.example.com",
  "default": false
}
```
RESPONSES
status: Created
```json
{
  "_links": {
    "self": {
      "href": "https://api.pingone.eu/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/fido2Policies/33163ff8-5803-46bf-a558-bd7aeb07d590"
    },
    "environment": {
      "href": "https://api.pingone.eu/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
    }
  },
  "id": "33163ff8-5803-46bf-a558-bd7aeb07d590",
  "environment": {
    "id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
  },
  "updatedAt": "2023-06-05T12:26:00.422Z",
  "createdAt": "2023-06-05T12:26:00.422Z",
  "name": "FIDO Policy - allow only FIDO-certified authenticators",
  "description": "FIDO Policy that specifies that only FIDO-certified authenticators can be used",
  "deviceDisplayName": "Fido2 device",
  "discoverableCredentials": "REQUIRED",
  "authenticatorAttachment": "BOTH",
  "userVerification": {
    "enforceDuringAuthentication": true,
    "option": "REQUIRED"
  },
  "backupEligibility": {
    "enforceDuringAuthentication": true,
    "allow": true
  },
  "userDisplayNameAttributes": {
    "attributes": [
      {"name": "username"},
      {"name": "email"}
    ]
  },
  "attestationRequirements": "DIRECT",
  "mdsAuthenticatorsRequirements": {
    "enforceDuringAuthentication": true,
    "option": "CERTIFIED"
  },
  "relyingPartyId": "relyingpartydomain.example.com",
  "default": false
}
```
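An added example, not part of the PingOne documentation: a Python check that a policy object returned by this endpoint still carries the certified-only settings from the request body above, including the case where the certification setting sits in the wrong field or its block is missing. The baseline values come from this page; the function names and the choice of which five fields to audit are assumptions of this example.

```python
import copy
import json

# Baseline taken from the request body on this page. Treating these five
# settings as the "certified authenticators only" baseline is an assumption.
EXPECTED = {
    "attestationRequirements": "DIRECT",
    "mdsAuthenticatorsRequirements.option": "CERTIFIED",
    "mdsAuthenticatorsRequirements.enforceDuringAuthentication": True,
    "userVerification.option": "REQUIRED",
    "userVerification.enforceDuringAuthentication": True,
}
_MISSING = object()

def lookup(doc, dotted):
    """Follow a dotted path through nested dicts; _MISSING if any hop is absent."""
    for key in dotted.split("."):
        if not isinstance(doc, dict) or key not in doc:
            return _MISSING
        doc = doc[key]
    return doc

def audit_fido_policy(policy):
    """Return (path, expected, actual) for each setting that differs from EXPECTED."""
    findings = []
    for path, want in EXPECTED.items():
        got = lookup(policy, path)
        # Identity check for booleans so 1 or "true" is not accepted as True.
        ok = got is want if isinstance(want, bool) else got == want
        if not ok:
            findings.append((path, want, None if got is _MISSING else got))
    return findings

# Constructed sample: the response on this page, trimmed to the audited fields.
GOOD = json.loads("""{
  "userVerification": {"enforceDuringAuthentication": true, "option": "REQUIRED"},
  "attestationRequirements": "DIRECT",
  "mdsAuthenticatorsRequirements": {"enforceDuringAuthentication": true, "option": "CERTIFIED"}
}""")

# Constructed drift case: CERTIFIED placed in attestationRequirements, as the
# page's intro sentence words it, with no mdsAuthenticatorsRequirements block.
DRIFTED = copy.deepcopy(GOOD)
DRIFTED["attestationRequirements"] = "CERTIFIED"
del DRIFTED["mdsAuthenticatorsRequirements"]

if __name__ == "__main__":
    for label, policy in (("GOOD", GOOD), ("DRIFTED", DRIFTED)):
        print(label, audit_fido_policy(policy) or "matches baseline")
```

Feed it the parsed body of the create response, or of a later read of the same policy, to detect settings that were changed after creation.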