PingOne Cloud Platform PingOne Product Administration User task Configuration IDaaS Deployment Method Product documentation Content Type Administrator Audience Developer
You can create one or more FIDO policies and change the default policy for the
environment, if required.
FIDO policies can be used in an MFA policy. For information, see MFA.
Note:
When creating an environment, a FIDO policy is created by default.
Go to Experiences > FIDO.
On the FIDO Policies page, click the
+ icon.
In the Name field, enter a meaningful name for the
policy.
The Name field allows a maximum of 256 characters.
In the FIDO resident key field, select:
Discouraged: Discourage the use of FIDO resident
keys.
Required: Require the use of resident keys. This
option is required for usernameless authentication.
In the Direct Attestation Request field, select:
None: Allow all FIDO devices, and do not request
attestation.
Audit only: Request attestation for auditing
purposes only.
Allow All Global: Allow use of all FIDO devices
listed in the Global Authenticators table and request attestation.
Allow FIDO Certified Authenticators: Only allow
use of FIDO Certified devices, and request attestation.
Allow Specific Authenticators: Allow use of only
the devices specified. To specify devices:
After selecting Allow Specific
Authenticators, and select the check boxes for the
devices that you want to include.
Tip:
Use the search bar to search for a specific device, if
required.
To prevent authentication with other devices that are already
registered with a user's account, but are not included in the
Allow Specific Authenticators list,
select the Enforce during authentication
check box.
Note:
This option can be applied only to devices that included a
FIDO resident key during the registration process.
