Create FIDO Policy - specific authenticators

POST {{apiPath}}/environments/{{envID}}/fido2Policies/

Use POST {{apiPath}}/environments/{{envID}}/fido2Policies/ to create a new FIDO policy for an environment.

This example limits authentication to a specific list of authenticators by setting attestationRequirements to SPECIFIC and providing a list of authenticator IDs in the allowedAuthenticators array.

Prerequisites

Property                       Type      Required?
allowedAuthenticators          Array     Optional
attestationRequirements        String    Required
default                        Boolean   Optional
description                    String    Optional
enforceDuringAuthentication    Boolean   Optional
name                           String    Required
residentKeyRequirement         String    Required

See the FIDO Policies data model for full property descriptions.

Request Body

{
  "name": "FIDO Policy - specific authenticators",
  "description": "FIDO Policy that specifies two authenticators that can be used",
  "deviceDisplayName": "Fido2 device B",
  "discoverableCredentials": "REQUIRED",
  "authenticatorAttachment": "BOTH",
  "userVerification": {
    "enforceDuringAuthentication": true,
    "option": "REQUIRED"
  },
  "backupEligibility": {
    "enforceDuringAuthentication": true,
    "allow": true
  },
  "userDisplayNameAttributes": {
    "attributes": [
      {"name": "username"},
      {"name": "email"}
    ]
  },
  "attestationRequirements": "DIRECT",
  "mdsAuthenticatorsRequirements": {
    "option": "SPECIFIC",
    "allowedAuthenticators": [
      {"id": "{{allowedAuthenticatorID}}"},
      {"id": "{{allowedAuthenticatorID_2}}"}
    ],
    "enforceDuringAuthentication": true
  },
  "relyingPartyId": "relyingpartydomain.example.com",
  "default": false
}

RESPONSES

status: Created

{
  "_links": {
    "self": {
      "href": "https://api.pingone.eu/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/fido2Policies/4a3dcf3b-b079-42d5-8e90-529205ce0b75"
    },
    "environment": {
      "href": "https://api.pingone.eu/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
    }
  },
  "id": "4a3dcf3b-b079-42d5-8e90-529205ce0b75",
  "environment": {
    "id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
  },
  "updatedAt": "2023-06-05T12:43:50.905Z",
  "createdAt": "2023-06-05T12:43:50.905Z",
  "name": "FIDO Policy - specific authenticators",
  "description": "FIDO Policy that specifies two authenticators that can be used",
  "deviceDisplayName": "Fido2 device B",
  "discoverableCredentials": "REQUIRED",
  "authenticatorAttachment": "BOTH",
  "userVerification": {
    "enforceDuringAuthentication": true,
    "option": "REQUIRED"
  },
  "backupEligibility": {
    "enforceDuringAuthentication": true,
    "allow": true
  },
  "userDisplayNameAttributes": {
    "attributes": [
      {"name": "username"},
      {"name": "email"}
    ]
  },
  "attestationRequirements": "DIRECT",
  "mdsAuthenticatorsRequirements": {
    "enforceDuringAuthentication": true,
    "option": "SPECIFIC",
    "allowedAuthenticators": [
      {"id": "be42c14ed8d123f6c4534a64e7ffdeb371400278"},
      {"id": "6b3c8eb5095216e6753549ace2e0941d8758031e"}
    ]
  },
  "relyingPartyId": "relyingpartydomain.example.com",
  "default": false
}
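
Added example (not part of the PingOne documentation): a pre-flight and post-create check for the allow-list, using the field layout of the request body on this page, where the SPECIFIC option and the allowedAuthenticators array sit under mdsAuthenticatorsRequirements. The helper names with_allow_list and diff_policy are hypothetical; the sample values are copied from the bodies shown above, and no network call is made.

```python
import copy
import re

PLACEHOLDER = re.compile(r"\{\{.*?\}\}")  # template variable left unsubstituted

def with_allow_list(body, authenticator_ids):
    """Return a copy of body whose mdsAuthenticatorsRequirements allows only the given IDs."""
    ids = list(dict.fromkeys(authenticator_ids))  # de-duplicate, keep order
    bad = [i for i in ids if not i or PLACEHOLDER.search(i)]
    if not ids or bad:
        # Refuse to send an empty allow-list or an ID such as "{{allowedAuthenticatorID}}".
        raise ValueError(f"empty allow-list or unresolved IDs: {bad}")
    out = copy.deepcopy(body)
    out["mdsAuthenticatorsRequirements"] = {
        "option": "SPECIFIC",
        "enforceDuringAuthentication": True,
        "allowedAuthenticators": [{"id": i} for i in ids],
    }
    return out

def diff_policy(requested, returned):
    """List every requested field the returned policy does not reflect."""
    findings = []
    for key, want in requested.items():
        got = returned.get(key)
        if key != "mdsAuthenticatorsRequirements":
            if got != want:
                findings.append(f"{key}: requested {want!r}, got {got!r}")
            continue
        got = got or {}
        want_ids = {a["id"] for a in want["allowedAuthenticators"]}
        got_ids = {a["id"] for a in got.get("allowedAuthenticators", [])}
        if got.get("option") != "SPECIFIC":
            findings.append(f"option is {got.get('option')!r}, not 'SPECIFIC'")
        if got.get("enforceDuringAuthentication") is not True:
            findings.append("enforceDuringAuthentication is not true")
        if got_ids - want_ids:
            findings.append(f"unexpected authenticators allowed: {sorted(got_ids - want_ids)}")
        if want_ids - got_ids:
            findings.append(f"requested authenticators missing: {sorted(want_ids - got_ids)}")
    return findings

# Values copied from the request and response bodies on this page (trimmed).
BASE = {"name": "FIDO Policy - specific authenticators",
        "attestationRequirements": "DIRECT",
        "relyingPartyId": "relyingpartydomain.example.com", "default": False}
IDS = ["be42c14ed8d123f6c4534a64e7ffdeb371400278",
       "6b3c8eb5095216e6753549ace2e0941d8758031e"]

if __name__ == "__main__":
    print(diff_policy(with_allow_list(BASE, IDS), with_allow_list(BASE, IDS[:1])))
```

Merge the remaining fields from the request body into BASE before sending, and pass the parsed 201 response to diff_policy; an empty list means the stored policy matches what was requested.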