FIDO policies can be used in an MFA policy. For information, see MFA.

Note:

When creating an environment, a FIDO policy is created by default.

  1. Go to Experiences > FIDO.
  2. On the FIDO Policies page, click the + icon.
  3. In the Name field, enter a meaningful name for the policy.

    The Name field allows a maximum of 256 characters.

  4. In the FIDO resident key field, select:
    • Discouraged: Discourage the use of FIDO resident keys.
    • Required: Require the use of resident keys. This option is required for usernameless authentication.
  5. In the Direct Attestation Request field, select:
    • None: Allow all FIDO devices, and do not request attestation.
    • Audit only: Request attestation for auditing purposes only.
    • Allow All Global: Allow use of all FIDO devices listed in the Global Authenticators table and request attestation.
    • Allow FIDO Certified Authenticators: Only allow use of FIDO Certified devices, and request attestation.
    • Allow Specific Authenticators: Allow use of only the devices specified.
      A screen capture of the Add policy window showing the option to allow specific authenticators only, the option to Enforce the policy during authentication, and the option to select specific authenticators from the global authenticators table.
      To specify devices:
      1. After selecting Allow Specific Authenticators, and select the check boxes for the devices that you want to include.
        Tip:

        Use the search bar to search for a specific device, if required.

      2. To prevent authentication with other devices that are already registered with a user's account, but are not included in the Allow Specific Authenticators list, select the Enforce during authentication check box.
        Note:

        This option can be applied only to devices that included a FIDO resident key during the registration process.

      3. To add a FIDO device to the Global Authenticators Table, see Managing the Global Authenticators Table.
  6. Click Save.

    The policy is added to the Policy list.

    Tip:

    In the Policy list, click a policy to see a summary of the policy details in the right pane or edit an existing policy.