Read All FIDO Policies

GET {{apiPath}}/environments/{{envID}}/fido2Policies/?expand=deviceAuthenticationPolicies

Use GET {{apiPath}}/environments/{{envID}}/fido2Policies/ to retrieve all the FIDO policies for an environment.

The response includes an array called fido2Policies, which contains the details of each of the defined FIDO policies.

This example includes the parameter expand=deviceAuthenticationPolicies in the query URL, so the response includes _embedded.deviceAuthenticationPolicies in the details for each policy. This array contains the name and ID of each device authentication policy that uses that FIDO policy.

Note: If your PingOne environment also contains FIDO policies that have not yet been updated to the newer FIDO policy format, you will have to use two requests to get all of the FIDO policies - one that uses the new endpoint fido2Policies and one that uses the previous endpoint fidoPolicies.

Request Params

RESPONSES

status: OK

{"_links":{"environment":{"href":"https://api.pingone.eu/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"},"self":{"href":"https://api.pingone.eu/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/fido2Policies"}},"_embedded":{"fido2Policies":[{"_links":{"self":{"href":"https://api.pingone.eu/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/fido2Policies/8401cfde-1d39-4c7c-b886-d861614929e9"}},"id":"8401cfde-1d39-4c7c-b886-d861614929e9","environment":{"id":"abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"},"updatedAt":"2023-06-11T08:47:30.019Z","createdAt":"2023-05-31T10:47:52.674Z","name":"Passkeys","deviceDisplayName":"testAPILabelDisplayName","discoverableCredentials":"REQUIRED","authenticatorAttachment":"BOTH","userVerification":{"enforceDuringAuthentication":true,"option":"REQUIRED"},"backupEligibility":{"enforceDuringAuthentication":true,"allow":true},"userDisplayNameAttributes":{"attributes":[{"name":"email"},{"name":"name","subAttributes":[{"name":"given"},{"name":"family"}]},{"name":"username"}]},"attestationRequirements":"NONE","mdsAuthenticatorsRequirements":{"enforceDuringAuthentication":false,"option":"NONE"},"relyingPartyId":"pingone.eu","aggregateDevices":false,"_embedded":{"deviceAuthenticationPolicies":[{"name":"Default MFA Policy","id":"9e2864ee-340f-0dd7-1944-0bd0750732d6"},{"name":"deviceAuthPolicy__1671537273","id":"12eef8a9-cd34-45cc-ab73-3d3bdf33142a"},{"name":"Environment Policy7","id":"1c15f5ab-5b4a-479a-a5b7-835ca16c25a6"},{"name":"deviceAuthPolicy__1660132138","id":"24b2eb67-5d77-4b4f-a2eb-20d994dbc6b4"},{"name":"Environment Policy8 - name updated after creation","id":"400f516c-7965-4402-94b8-0caf05ddd78e"},{"name":"deviceAuthPolicy__1675601281","id":"4a209c77-072b-4d4b-82bf-12158bd43cc7"},{"name":"mfa_policy_1","id":"5a0a0950-8a81-4739-b12a-f4d6a11c7a82"},{"name":"Environment Policy8 - phasing out email","id":"61cf9806-1d18-4eda-92c0-109fc79d4495"},{"name":"deviceAuthPolicy__1687331798","id":"702d420a-1aa7-4d11-9da3-8ad13c0620b5"},{"name":"Environment Policy8 - name updated","id":"7793ae56-3db6-4ab6-be7b-df80100cbae3"},{"name":"deviceAuthPolicy__1671537068","id":"7e758618-e52f-4c87-89d1-931c18895afb"},{"name":"Environment Policy8 - phasing out email - updated","id":"8992b573-1c1b-4a39-8935-b3ec86b5c7ee"},{"name":"deviceAuthPolicy__1687269169","id":"aa3d4353-55d2-412b-ae0f-83237fa80fcc"},{"name":"Environment Policy6","id":"cd362823-a4d4-4fc2-98e8-b86ab96f0615"},{"name":"deviceAuthPolicy__1687268928","id":"cf99cf35-954b-47bb-b567-c7d51427bc36"},{"name":"Policy name - updated 2","id":"d3ae54fe-4c7c-4d43-be57-a838e9abdb1f"}]},"default":true},{"_links":{"self":{"href":"https://api.pingone.eu/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/fido2Policies/da7cdb6b-b0bd-4660-8f2e-267d61f865d8"}},"id":"da7cdb6b-b0bd-4660-8f2e-267d61f865d8","environment":{"id":"abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"},"updatedAt":"2023-05-31T10:47:52.696Z","createdAt":"2023-05-31T10:47:52.696Z","name":"Security Keys","deviceDisplayName":"fidoPolicy.deviceDisplayName02","discoverableCredentials":"PREFERRED","authenticatorAttachment":"CROSS_PLATFORM","userVerification":{"enforceDuringAuthentication":true,"option":"PREFERRED"},"backupEligibility":{"enforceDuringAuthentication":true,"allow":false},"userDisplayNameAttributes":{"attributes":[{"name":"email"},{"name":"name","subAttributes":[{"name":"given"},{"name":"family"}]},{"name":"username"}]},"attestationRequirements":"NONE","mdsAuthenticatorsRequirements":{"enforceDuringAuthentication":false,"option":"NONE"},"relyingPartyId":"pingone.eu","aggregateDevices":false,"_embedded":{"deviceAuthenticationPolicies":[]},"default":false},{"_links":{"self":{"href":"https://api.pingone.eu/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/fido2Policies/33163ff8-5803-46bf-a558-bd7aeb07d590"}},"id":"33163ff8-5803-46bf-a558-bd7aeb07d590","environment":{"id":"abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"},"updatedAt":"2023-06-05T12:26:00.422Z","createdAt":"2023-06-05T12:26:00.422Z","name":"FIDO Policy - allow only FIDO-certified authenticators","description":"FIDO Policy that specifies that only FIDO-certified authenticators can be used","deviceDisplayName":"Fido2 device","discoverableCredentials":"REQUIRED","authenticatorAttachment":"BOTH","userVerification":{"enforceDuringAuthentication":true,"option":"REQUIRED"},"backupEligibility":{"enforceDuringAuthentication":true,"allow":true},"userDisplayNameAttributes":{"attributes":[{"name":"username"},{"name":"email"}]},"attestationRequirements":"DIRECT","mdsAuthenticatorsRequirements":{"enforceDuringAuthentication":true,"option":"CERTIFIED"},"relyingPartyId":"relyingpartydomain.example.com","aggregateDevices":false,"_embedded":{"deviceAuthenticationPolicies":[{"name":"Policy name - updated after creation","id":"15337f49-4cff-4b6f-a338-0831ab815286"}]},"default":false},{"_links":{"self":{"href":"https://api.pingone.eu/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/fido2Policies/4a3dcf3b-b079-42d5-8e90-529205ce0b75"}},"id":"4a3dcf3b-b079-42d5-8e90-529205ce0b75","environment":{"id":"abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"},"updatedAt":"2023-06-06T09:54:40.734Z","createdAt":"2023-06-05T12:43:50.905Z","name":"FIDO Policy - specific authenticators - updated list of authenticators","description":"FIDO Policy that specifies two authenticators that can be used","deviceDisplayName":"Fido2 device B","discoverableCredentials":"REQUIRED","authenticatorAttachment":"BOTH","userVerification":{"enforceDuringAuthentication":true,"option":"REQUIRED"},"backupEligibility":{"enforceDuringAuthentication":true,"allow":true},"userDisplayNameAttributes":{"attributes":[{"name":"username"},{"name":"email"}]},"attestationRequirements":"DIRECT","mdsAuthenticatorsRequirements":{"enforceDuringAuthentication":true,"option":"SPECIFIC","allowedAuthenticators":[{"id":"e077926504cd75eb405a45be160f783044e3f5a2"},{"id":"50a45b0c-80e7-f944-bf29-f552bfa2e048"}]},"relyingPartyId":"relyingpartydomain.example.com","aggregateDevices":false,"_embedded":{"deviceAuthenticationPolicies":[]},"default":false},{"_links":{"self":{"href":"https://api.pingone.eu/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/fido2Policies/7e12f060-0c34-49a2-bd0a-cf5cf2789d24"}},"id":"7e12f060-0c34-49a2-bd0a-cf5cf2789d24","environment":{"id":"abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"},"updatedAt":"2023-06-07T08:00:30.153Z","createdAt":"2023-06-07T08:00:30.153Z","name":"FIDO Policy - allow only FIDO-certified authenticators 2","description":"FIDO Policy that specifies that only FIDO-certified authenticators can be used","deviceDisplayName":"Fido2 device","discoverableCredentials":"REQUIRED","authenticatorAttachment":"BOTH","userVerification":{"enforceDuringAuthentication":true,"option":"REQUIRED"},"backupEligibility":{"enforceDuringAuthentication":true,"allow":true},"userDisplayNameAttributes":{"attributes":[{"name":"username"},{"name":"email"}]},"attestationRequirements":"DIRECT","mdsAuthenticatorsRequirements":{"enforceDuringAuthentication":true,"option":"CERTIFIED"},"relyingPartyId":"relyingpartydomain.example.com","aggregateDevices":false,"_embedded":{"deviceAuthenticationPolicies":[]},"default":false}]},"size":5}