Create FIDO Policy - all FIDO-certified authenticators

POST {{apiPath}}/environments/{{envID}}/fido2Policies

Use POST {{apiPath}}/environments/{{envID}}/fido2Policies/ to create a new FIDO policy for an environment.

This example sets attestationRequirements to CERTIFIED to allow only FIDO-certified authenticators.

Prerequisites

Property                      Type     Required?
attestationRequirements       String   Required
default                       Boolean  Optional
description                   String   Optional
enforceDuringAuthentication   Boolean  Optional
name                          String   Required
residentKeyRequirement        String   Required

See the FIDO Policies data model for full property descriptions.

Request Body

{"name"=>"FIDO Policy - allow only FIDO-certified authenticators", "description"=>"FIDO Policy that specifies that only FIDO-certified authenticators can be used", "deviceDisplayName"=>"Fido2 device", "discoverableCredentials"=>"REQUIRED", "authenticatorAttachment"=>"BOTH", "userVerification"=>{"enforceDuringAuthentication"=>true, "option"=>"REQUIRED"}, "backupEligibility"=>{"enforceDuringAuthentication"=>true, "allow"=>true}, "userDisplayNameAttributes"=>{"attributes"=>[{"name"=>"username"}, {"name"=>"email"}]}, "attestationRequirements"=>"DIRECT", "mdsAuthenticatorsRequirements"=>{"allowedAuthenticators"=>nil, "option"=>"CERTIFIED", "enforceDuringAuthentication"=>true}, "relyingPartyId"=>"relyingpartydomain.example.com", "default"=>false}

RESPONSES

status: Created

{"_links":{"self":{"href":"https://api.pingone.eu/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/fido2Policies/33163ff8-5803-46bf-a558-bd7aeb07d590"},"environment":{"href":"https://api.pingone.eu/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"}},"id":"33163ff8-5803-46bf-a558-bd7aeb07d590","environment":{"id":"abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"},"updatedAt":"2023-06-05T12:26:00.422Z","createdAt":"2023-06-05T12:26:00.422Z","name":"FIDO Policy - allow only FIDO-certified authenticators","description":"FIDO Policy that specifies that only FIDO-certified authenticators can be used","deviceDisplayName":"Fido2 device","discoverableCredentials":"REQUIRED","authenticatorAttachment":"BOTH","userVerification":{"enforceDuringAuthentication":true,"option":"REQUIRED"},"backupEligibility":{"enforceDuringAuthentication":true,"allow":true},"userDisplayNameAttributes":{"attributes":[{"name":"username"},{"name":"email"}]},"attestationRequirements":"DIRECT","mdsAuthenticatorsRequirements":{"enforceDuringAuthentication":true,"option":"CERTIFIED"},"relyingPartyId":"relyingpartydomain.example.com","default":false}