You can create one or more FIDO policies and change the default policy for the environment, if required.
FIDO policies can be used in an MFA policy. For more information, see MFA.
When you create an environment, a FIDO policy is created by default.
- Go to Experiences > FIDO.
- On the FIDO Policies page, click the + icon.
- In the Name field, enter a meaningful name for the policy.
  The Name field allows a maximum of 256 characters.
- In the FIDO resident key field, select:
  - Discouraged: Discourage the use of FIDO resident keys.
  - Required: Require the use of resident keys. This option is required for usernameless authentication.
- In the Direct Attestation Request field, select:
  - None: Allow all FIDO devices, and do not request attestation.
  - Audit only: Request attestation for auditing purposes only.
  - Allow All Global: Allow use of all FIDO devices listed in the Global Authenticators table and request attestation.
  - Allow FIDO Certified Authenticators: Only allow use of FIDO Certified devices, and request attestation.
  - Allow Specific Authenticators: Allow use of only the devices specified.
    - After selecting Allow Specific Authenticators, select the check boxes for the devices that you want to include.
      Tip: Use the search bar to search for a specific device, if required.
    - To prevent authentication with other devices that are already registered with a user's account, but are not included in the Allow Specific Authenticators list, select the Enforce during authentication check box.
      Note: This option can be applied only to devices that included a FIDO resident key during the registration process.
    - To add a FIDO device to the Global Authenticators Table, see Managing the Global Authenticators Table.
- Click Save.
  The policy is added to the Policy list.
  Tip: In the Policy list, click a policy to see a summary of the policy details in the right pane or edit an existing policy.
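
Before selecting Enforce during authentication on an Allow Specific Authenticators policy, it helps to see which registered devices the change would affect. The following is an added example, not product code and not part of the original documentation: it models the note above by assuming that enforcement does not apply to devices registered without a resident key, and it runs on a constructed device inventory with placeholder model names (the `Device` record and all function names are hypothetical).

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Device:
    user: str
    model: str          # authenticator model as listed in the policy (placeholder)
    resident_key: bool  # True if a resident key was created at registration

# Constructed sample inventory; names and models are not real data.
DEVICES = [
    Device("alice", "ExampleKey A", True),
    Device("alice", "ExampleKey B", True),
    Device("bob", "ExampleKey B", True),
    Device("carol", "ExampleKey B", False),
    Device("dave", "ExampleKey A", False),
]

def auth_outcome(device, allowed, enforce):
    """Authentication-time effect of the policy on one registered device."""
    if device.model in allowed:
        return "allowed"
    if not enforce:
        return "allowed-unlisted"   # registered earlier, list not enforced
    if not device.resident_key:
        return "not-covered"        # assumption: enforcement needs a resident key
    return "blocked"

def review(devices, allowed, enforce=True):
    """Group devices by outcome and list users left with no usable device."""
    by_outcome = defaultdict(list)
    usable = defaultdict(bool)
    for d in devices:
        outcome = auth_outcome(d, allowed, enforce)
        by_outcome[outcome].append(d)
        usable[d.user] |= outcome != "blocked"
    locked_out = sorted(user for user, ok in usable.items() if not ok)
    return dict(by_outcome), locked_out

if __name__ == "__main__":
    outcomes, locked_out = review(DEVICES, allowed={"ExampleKey A"})
    for outcome, devs in outcomes.items():
        print(outcome, [(d.user, d.model) for d in devs])
    print("users with no usable device:", locked_out)
```

Devices reported as not-covered are the ones to re-register with a resident key if the allow list is meant to apply to them as well.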