Read All FIDO Policies
GET {{apiPath}}/environments/{{envID}}/fido2Policies?expand=deviceAuthenticationPolicies
Use GET {{apiPath}}/environments/{{envID}}/fido2Policies to retrieve all the FIDO policies for an environment.
The response includes an array called fido2Policies, which contains the details of each of the defined FIDO policies.
This example includes the parameter expand=deviceAuthenticationPolicies in the query URL, so the response includes _embedded.deviceAuthenticationPolicies in the details for each policy. This array contains the name and ID of each device authentication policy that uses that FIDO policy.
Query parameters
| Query parameter | Attributes (or allowed limits) |
|---|---|
|
N/A |
|
N/A |
|
|
|
N/A |
|
If your PingOne environment also contains FIDO policies that have not yet been updated to the newer FIDO policy format, you will have to use two requests to get all of the FIDO policies - one that uses the new endpoint |
Example Request
-
cURL
-
C#
-
Go
-
HTTP
-
Java
-
jQuery
-
NodeJS
-
Python
-
PHP
-
Ruby
-
Swift
# List every FIDO policy in the environment, expanding the device
# authentication policies that reference each one.
#   -L  follow redirects (--location)
#   -g  disable URL globbing so the {} in the placeholders is taken literally (--globoff)
# The bearer token is a credential: passed on the command line it is visible
# in shell history and in the process list while curl runs.
curl -L -g \
  -H 'Authorization: Bearer {{accessToken}}' \
  '{{apiPath}}/environments/{{envID}}/fido2Policies?expand=deviceAuthenticationPolicies'
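// Retrieve all FIDO policies for the environment, expanding the device
// authentication policies that reference each one.
var options = new RestClientOptions("{{apiPath}}/environments/{{envID}}/fido2Policies?expand=deviceAuthenticationPolicies")
{
    // NOTE(review): -1 is kept from the original sample; it appears to leave the
    // request without a client-side time limit. Confirm against the RestSharp
    // version in use and prefer a finite value in production.
    MaxTimeout = -1,
};
var client = new RestClient(options);
var request = new RestRequest("", Method.Get);
// The access token is a bearer credential; supply it from configuration or a
// secret store rather than embedding it in source.
request.AddHeader("Authorization", "Bearer {{accessToken}}");
RestResponse response = await client.ExecuteAsync(request);
if (!response.IsSuccessful)
{
    // ExecuteAsync reports failures on the response object instead of throwing,
    // so surface the status and error before printing whatever body came back.
    Console.Error.WriteLine($"Request failed: {(int)response.StatusCode} {response.ErrorMessage}");
}
Console.WriteLine(response.Content);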
package main
import (
	"fmt"
	"io"
	"net/http"
	"time"
)
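// main requests every FIDO policy in the environment (with the device
// authentication policies that use each one expanded) and prints the raw
// response body. A non-200 status is reported before the body is printed.
func main() {
	url := "{{apiPath}}/environments/{{envID}}/fido2Policies?expand=deviceAuthenticationPolicies"
	method := "GET"

	// A zero-value http.Client has no timeout, so a stalled connection would
	// block forever; bound the whole exchange instead.
	client := &http.Client{Timeout: 30 * time.Second}

	req, err := http.NewRequest(method, url, nil)
	if err != nil {
		fmt.Println(err)
		return
	}
	// The access token is a bearer credential; load it from the environment
	// or a secret store rather than hard-coding it.
	req.Header.Add("Authorization", "Bearer {{accessToken}}")

	res, err := client.Do(req)
	if err != nil {
		fmt.Println(err)
		return
	}
	defer res.Body.Close()

	body, err := io.ReadAll(res.Body)
	if err != nil {
		fmt.Println(err)
		return
	}

	// client.Do only returns an error for transport failures; an HTTP error
	// status (for example an expired token) still arrives as a response.
	if res.StatusCode != http.StatusOK {
		fmt.Println("unexpected HTTP status:", res.Status)
	}
	fmt.Println(string(body))
}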
GET /environments/{{envID}}/fido2Policies?expand=deviceAuthenticationPolicies HTTP/1.1
Host: {{apiPath}}
Authorization: Bearer {{accessToken}}
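// Retrieve all FIDO policies for the environment, expanding the device
// authentication policies that reference each one.
OkHttpClient client = new OkHttpClient().newBuilder()
    .build();
Request request = new Request.Builder()
    .url("{{apiPath}}/environments/{{envID}}/fido2Policies?expand=deviceAuthenticationPolicies")
    // OkHttp throws IllegalArgumentException when a GET is built with a
    // request body, so the request is built with get() and no body.
    .get()
    // The access token is a bearer credential; supply it from configuration
    // or a secret store rather than embedding it in source.
    .addHeader("Authorization", "Bearer {{accessToken}}")
    .build();
// The caller owns the Response and must close it (or its body) once read,
// otherwise the underlying connection is not released.
Response response = client.newCall(request).execute();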
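// Retrieve all FIDO policies for the environment, expanding the device
// authentication policies that reference each one.
const settings = {
  url: "{{apiPath}}/environments/{{envID}}/fido2Policies?expand=deviceAuthenticationPolicies",
  method: "GET",
  // 0 means jQuery applies no request timeout.
  timeout: 0,
  headers: {
    // Bearer credential: any script running in the page can read a token
    // held in page JavaScript, so keep its scope and lifetime small.
    Authorization: "Bearer {{accessToken}}",
  },
};

$.ajax(settings)
  .done(function (response) {
    console.log(response);
  })
  // Without a fail handler, an expired token or network error would pass
  // silently; report the status so the failure is visible.
  .fail(function (jqXHR, textStatus, errorThrown) {
    console.error("Request failed:", jqXHR.status, textStatus, errorThrown);
  });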
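// Retrieve all FIDO policies for the environment, expanding the device
// authentication policies that reference each one.
// NOTE(review): the `request` package is deprecated and no longer maintained;
// plan a move to a supported HTTP client for anything beyond a quick sample.
const request = require('request');

const options = {
  method: 'GET',
  url: '{{apiPath}}/environments/{{envID}}/fido2Policies?expand=deviceAuthenticationPolicies',
  headers: {
    // Bearer credential: read it from the environment or a secret store
    // rather than hard-coding it.
    Authorization: 'Bearer {{accessToken}}',
  },
};

request(options, function (error, response) {
  // Rethrow the original error so its type, code and stack trace survive;
  // wrapping it in new Error() would reduce it to a string.
  if (error) throw error;
  // Transport success does not imply API success (for example a 401 for an
  // expired token), so flag any non-200 status before printing the body.
  if (response.statusCode !== 200) {
    console.error(`Unexpected HTTP status: ${response.statusCode}`);
  }
  console.log(response.body);
});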
import requests
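# Retrieve all FIDO policies for the environment, expanding the device
# authentication policies that reference each one.
url = "{{apiPath}}/environments/{{envID}}/fido2Policies?expand=deviceAuthenticationPolicies"

headers = {
    # Bearer credential: read it from the environment or a secret store
    # rather than hard-coding it.
    "Authorization": "Bearer {{accessToken}}",
}

# requests applies no timeout unless one is given, so a stalled connection
# would block indefinitely; bound the wait explicitly.
response = requests.get(url, headers=headers, timeout=30)

# An HTTP error status (for example 401 for an expired token) does not raise,
# so report it before printing the body.
if not response.ok:
    print(f"Unexpected HTTP status: {response.status_code} {response.reason}")
print(response.text)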
<?php
require_once 'HTTP/Request2.php';

// Retrieve all FIDO policies for the environment, expanding the device
// authentication policies that reference each one.
$request = new HTTP_Request2();
$request->setUrl('{{apiPath}}/environments/{{envID}}/fido2Policies?expand=deviceAuthenticationPolicies');
$request->setMethod(HTTP_Request2::METHOD_GET);

// Redirects are followed automatically.
// NOTE(review): confirm whether the Authorization header is re-sent when a
// redirect leads to a different host.
$request->setConfig(['follow_redirects' => true]);

// The access token is a bearer credential; supply it from configuration
// rather than embedding it in source.
$request->setHeader(['Authorization' => 'Bearer {{accessToken}}']);

try {
    $response = $request->send();
    if ($response->getStatus() != 200) {
        // Any status other than 200 is reported with its reason phrase.
        echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' .
            $response->getReasonPhrase();
    } else {
        echo $response->getBody();
    }
} catch (HTTP_Request2_Exception $exception) {
    // Transport-level failures raised by send().
    echo 'Error: ' . $exception->getMessage();
}
require "uri"
require "net/http"
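# Retrieve all FIDO policies for the environment, expanding the device
# authentication policies that reference each one.
url = URI("{{apiPath}}/environments/{{envID}}/fido2Policies?expand=deviceAuthenticationPolicies")

http = Net::HTTP.new(url.host, url.port)
# Net::HTTP speaks plain HTTP unless TLS is switched on explicitly. Without
# this, a request to an https:// apiPath is sent unencrypted to the TLS port
# and fails; enabling it keeps the bearer token inside the TLS session.
http.use_ssl = (url.scheme == "https")

request = Net::HTTP::Get.new(url)
# The access token is a bearer credential; read it from the environment or a
# secret store rather than hard-coding it.
request["Authorization"] = "Bearer {{accessToken}}"

response = http.request(request)
puts response.read_body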
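// Retrieve all FIDO policies for the environment, expanding the device
// authentication policies that reference each one.
// NOTE(review): timeoutInterval is left at Double.infinity as in the original
// sample; prefer a finite value outside of a quick test.
var request = URLRequest(url: URL(string: "{{apiPath}}/environments/{{envID}}/fido2Policies?expand=deviceAuthenticationPolicies")!, timeoutInterval: Double.infinity)
// The access token is a bearer credential; load it from secure storage rather
// than embedding it in source.
request.addValue("Bearer {{accessToken}}", forHTTPHeaderField: "Authorization")
request.httpMethod = "GET"

let task = URLSession.shared.dataTask(with: request) { data, response, error in
    guard let data = data else {
        print(String(describing: error))
        return
    }
    // A completed transfer can still carry an HTTP error status (for example
    // 401 for an expired token), so report it before printing the body.
    if let http = response as? HTTPURLResponse, http.statusCode != 200 {
        print("Unexpected HTTP status: \(http.statusCode)")
    }
    // String(decoding:as:) replaces invalid bytes instead of returning nil,
    // so a non-UTF-8 body can no longer crash the force-unwrap.
    print(String(decoding: data, as: UTF8.self))
}
task.resume()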
Example Response
200 OK
{
"_links": {
"environment": {
"href": "https://api.pingone.eu/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
},
"self": {
"href": "https://api.pingone.eu/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/fido2Policies"
}
},
"_embedded": {
"fido2Policies": [
{
"_links": {
"self": {
"href": "https://api.pingone.eu/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/fido2Policies/8401cfde-1d39-4c7c-b886-d861614929e9"
}
},
"id": "8401cfde-1d39-4c7c-b886-d861614929e9",
"environment": {
"id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
},
"updatedAt": "2023-06-11T08:47:30.019Z",
"createdAt": "2023-05-31T10:47:52.674Z",
"name": "Passkeys",
"deviceDisplayName": "testAPILabelDisplayName",
"discoverableCredentials": "REQUIRED",
"authenticatorAttachment": "BOTH",
"userVerification": {
"enforceDuringAuthentication": true,
"option": "REQUIRED"
},
"userPresenceTimeout": {
"duration": 2,
"timeUnit": "MINUTES"
},
"backupEligibility": {
"enforceDuringAuthentication": true,
"allow": true
},
"userDisplayNameAttributes": {
"attributes": [
{
"name": "email"
},
{
"name": "name",
"subAttributes": [
{
"name": "given"
},
{
"name": "family"
}
]
},
{
"name": "username"
}
]
},
"attestationRequirements": "NONE",
"mdsAuthenticatorsRequirements": {
"enforceDuringAuthentication": false,
"option": "NONE"
},
"relyingPartyId": "pingone.eu",
"aggregateDevices": false,
"_embedded": {
"deviceAuthenticationPolicies": [
{
"name": "Default MFA Policy",
"id": "9e2864ee-340f-0dd7-1944-0bd0750732d6"
},
{
"name": "deviceAuthPolicy__1671537273",
"id": "12eef8a9-cd34-45cc-ab73-3d3bdf33142a"
},
{
"name": "deviceAuthPolicy__1717410507",
"id": "13cbe279-1ea2-49de-af5a-1b153a663a7e"
},
{
"name": "deviceAuthPolicy__1728290330",
"id": "15e03117-7a2e-4f11-b510-3ae3e4c2c004"
},
{
"name": "Environment Policy7",
"id": "1c15f5ab-5b4a-479a-a5b7-835ca16c25a6"
},
{
"name": "deviceAuthPolicy__1727168920",
"id": "1e87f3ad-110f-49fc-b071-8abfc61d93bb"
},
{
"name": "deviceAuthPolicy__1660132138",
"id": "24b2eb67-5d77-4b4f-a2eb-20d994dbc6b4"
},
{
"name": "MFA policy created on 1724158838",
"id": "3061b9fe-2170-41c2-a80d-2f40db69c588"
},
{
"name": "deviceAuthPolicy__1717410234",
"id": "3bd049fe-003a-4f87-bf59-4150113aec57"
},
{
"name": "Environment Policy8 - name updated after creation",
"id": "400f516c-7965-4402-94b8-0caf05ddd78e"
},
{
"name": "deviceAuthPolicy__1675601281",
"id": "4a209c77-072b-4d4b-82bf-12158bd43cc7"
},
{
"name": "deviceAuthPolicy__1726740543",
"id": "4e31860c-ab11-4c2d-b74d-fbbf7e958711"
},
{
"name": "deviceAuthPolicy__1726489121",
"id": "546d2f36-61ce-4d22-ac7d-0f4972a684e3"
},
{
"name": "deviceAuthPolicy__1726740649",
"id": "562a1e92-35aa-4c31-a461-9267da7047c8"
},
{
"name": "deviceAuthPolicy__1727095917",
"id": "56c028ca-78ab-4bb0-a4ed-9e175251a690"
},
{
"name": "deviceAuthPolicy__1726489506",
"id": "57743477-c6b8-45fc-ab11-9af7446d866c"
},
{
"name": "mfa_policy_1",
"id": "5a0a0950-8a81-4739-b12a-f4d6a11c7a82"
},
{
"name": "Environment Policy8 - phasing out email - updated 2",
"id": "61cf9806-1d18-4eda-92c0-109fc79d4495"
},
{
"name": "deviceAuthPolicy__1687331798",
"id": "702d420a-1aa7-4d11-9da3-8ad13c0620b5"
},
{
"name": "Environment Policy8 - name updated",
"id": "7793ae56-3db6-4ab6-be7b-df80100cbae3"
},
{
"name": "deviceAuthPolicy__1671537068",
"id": "7e758618-e52f-4c87-89d1-931c18895afb"
},
{
"name": "Environment Policy8 - phasing out email - updated",
"id": "8992b573-1c1b-4a39-8935-b3ec86b5c7ee"
},
{
"name": "deviceAuthPolicy__1727265670",
"id": "91c6f8f7-bcf2-4727-9b03-45d801b933d1"
},
{
"name": "deviceAuthPolicy__1687269169",
"id": "aa3d4353-55d2-412b-ae0f-83237fa80fcc"
},
{
"name": "deviceAuthPolicy__16_sep",
"id": "bf17406c-e195-464e-b9ec-e152069175c7"
},
{
"name": "Environment Policy6",
"id": "cd362823-a4d4-4fc2-98e8-b86ab96f0615"
},
{
"name": "deviceAuthPolicy__1687268928",
"id": "cf99cf35-954b-47bb-b567-c7d51427bc36"
},
{
"name": "deviceAuthPolicy__1728224271",
"id": "cfa87228-4168-45af-b07b-b8d3a301e5f4"
},
{
"name": "Policy name - updated 2",
"id": "d3ae54fe-4c7c-4d43-be57-a838e9abdb1f"
},
{
"name": "3_june_policy",
"id": "d5fdce59-edee-4dcb-92b2-5c60b52365e0"
},
{
"name": "deviceAuthPolicy__1726988329",
"id": "ed1a309f-25e1-4ab3-8f23-ea7d0e11cd9e"
}
]
},
"default": true
},
{
"_links": {
"self": {
"href": "https://api.pingone.eu/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/fido2Policies/da7cdb6b-b0bd-4660-8f2e-267d61f865d8"
}
},
"id": "da7cdb6b-b0bd-4660-8f2e-267d61f865d8",
"environment": {
"id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
},
"updatedAt": "2023-05-31T10:47:52.696Z",
"createdAt": "2023-05-31T10:47:52.696Z",
"name": "Security Keys",
"deviceDisplayName": "fidoPolicy.deviceDisplayName02",
"discoverableCredentials": "PREFERRED",
"authenticatorAttachment": "CROSS_PLATFORM",
"userVerification": {
"enforceDuringAuthentication": true,
"option": "PREFERRED"
},
"userPresenceTimeout": {
"duration": 2,
"timeUnit": "MINUTES"
},
"backupEligibility": {
"enforceDuringAuthentication": true,
"allow": false
},
"userDisplayNameAttributes": {
"attributes": [
{
"name": "email"
},
{
"name": "name",
"subAttributes": [
{
"name": "given"
},
{
"name": "family"
}
]
},
{
"name": "username"
}
]
},
"attestationRequirements": "NONE",
"mdsAuthenticatorsRequirements": {
"enforceDuringAuthentication": false,
"option": "NONE"
},
"relyingPartyId": "pingone.eu",
"aggregateDevices": false,
"_embedded": {
"deviceAuthenticationPolicies": []
},
"default": false
},
{
"_links": {
"self": {
"href": "https://api.pingone.eu/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/fido2Policies/33163ff8-5803-46bf-a558-bd7aeb07d590"
}
},
"id": "33163ff8-5803-46bf-a558-bd7aeb07d590",
"environment": {
"id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
},
"updatedAt": "2024-12-02T14:04:40.706Z",
"createdAt": "2023-06-05T12:26:00.422Z",
"name": "FIDO Policy - allow only FIDO-certified authenticators - old",
"description": "FIDO Policy that specifies that only FIDO-certified authenticators can be used",
"deviceDisplayName": "Fido2 device",
"discoverableCredentials": "REQUIRED",
"authenticatorAttachment": "BOTH",
"userVerification": {
"enforceDuringAuthentication": true,
"option": "REQUIRED"
},
"userPresenceTimeout": {
"duration": 2,
"timeUnit": "MINUTES"
},
"backupEligibility": {
"enforceDuringAuthentication": true,
"allow": true
},
"userDisplayNameAttributes": {
"attributes": [
{
"name": "username"
},
{
"name": "email"
}
]
},
"attestationRequirements": "DIRECT",
"mdsAuthenticatorsRequirements": {
"enforceDuringAuthentication": true,
"option": "CERTIFIED"
},
"relyingPartyId": "relyingpartydomain.example.com",
"aggregateDevices": false,
"_embedded": {
"deviceAuthenticationPolicies": [
{
"name": "Policy name - updated after creation",
"id": "15337f49-4cff-4b6f-a338-0831ab815286"
}
]
},
"default": false
},
{
"_links": {
"self": {
"href": "https://api.pingone.eu/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/fido2Policies/7e12f060-0c34-49a2-bd0a-cf5cf2789d24"
}
},
"id": "7e12f060-0c34-49a2-bd0a-cf5cf2789d24",
"environment": {
"id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
},
"updatedAt": "2023-06-07T08:00:30.153Z",
"createdAt": "2023-06-07T08:00:30.153Z",
"name": "FIDO Policy - allow only FIDO-certified authenticators 2",
"description": "FIDO Policy that specifies that only FIDO-certified authenticators can be used",
"deviceDisplayName": "Fido2 device",
"discoverableCredentials": "REQUIRED",
"authenticatorAttachment": "BOTH",
"userVerification": {
"enforceDuringAuthentication": true,
"option": "REQUIRED"
},
"userPresenceTimeout": {
"duration": 2,
"timeUnit": "MINUTES"
},
"backupEligibility": {
"enforceDuringAuthentication": true,
"allow": true
},
"userDisplayNameAttributes": {
"attributes": [
{
"name": "username"
},
{
"name": "email"
}
]
},
"attestationRequirements": "DIRECT",
"mdsAuthenticatorsRequirements": {
"enforceDuringAuthentication": true,
"option": "CERTIFIED"
},
"relyingPartyId": "relyingpartydomain.example.com",
"aggregateDevices": false,
"_embedded": {
"deviceAuthenticationPolicies": []
},
"default": false
},
{
"_links": {
"self": {
"href": "https://api.pingone.eu/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/fido2Policies/662bcf24-b2bb-4356-990f-2677f7fcc25b"
}
},
"id": "662bcf24-b2bb-4356-990f-2677f7fcc25b",
"environment": {
"id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
},
"updatedAt": "2024-12-02T14:42:24.796Z",
"createdAt": "2024-12-02T14:42:24.796Z",
"name": "FIDO Policy - allow only FIDO-certified authenticators 4",
"description": "FIDO Policy that specifies that only FIDO-certified authenticators can be used",
"deviceDisplayName": "Fido2 device",
"discoverableCredentials": "REQUIRED",
"authenticatorAttachment": "BOTH",
"userVerification": {
"enforceDuringAuthentication": true,
"option": "REQUIRED"
},
"userPresenceTimeout": {
"duration": 2,
"timeUnit": "MINUTES"
},
"backupEligibility": {
"enforceDuringAuthentication": true,
"allow": true
},
"userDisplayNameAttributes": {
"attributes": [
{
"name": "username"
},
{
"name": "email"
}
]
},
"attestationRequirements": "DIRECT",
"mdsAuthenticatorsRequirements": {
"enforceDuringAuthentication": true,
"option": "CERTIFIED"
},
"relyingPartyId": "relyingpartydomain.example.com",
"aggregateDevices": false,
"_embedded": {
"deviceAuthenticationPolicies": []
},
"default": false
},
{
"_links": {
"self": {
"href": "https://api.pingone.eu/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/fido2Policies/2638c77f-a51d-4ca4-9d14-d9985a291d18"
}
},
"id": "2638c77f-a51d-4ca4-9d14-d9985a291d18",
"environment": {
"id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
},
"updatedAt": "2024-12-09T12:18:29.287Z",
"createdAt": "2024-12-09T12:18:29.287Z",
"name": "FIDO Policy - allow only FIDO-certified authenticators2",
"description": "FIDO Policy that specifies that only FIDO-certified authenticators can be used",
"deviceDisplayName": "Fido2 device",
"discoverableCredentials": "REQUIRED",
"authenticatorAttachment": "BOTH",
"userVerification": {
"enforceDuringAuthentication": true,
"option": "REQUIRED"
},
"userPresenceTimeout": {
"duration": 2,
"timeUnit": "MINUTES"
},
"backupEligibility": {
"enforceDuringAuthentication": true,
"allow": true
},
"userDisplayNameAttributes": {
"attributes": [
{
"name": "username"
},
{
"name": "email"
}
]
},
"attestationRequirements": "DIRECT",
"mdsAuthenticatorsRequirements": {
"enforceDuringAuthentication": true,
"option": "CERTIFIED"
},
"relyingPartyId": "relyingpartydomain.example.com",
"publicKeyCredentialHints": [
"SECURITY_KEY",
"CLIENT_DEVICE",
"HYBRID"
],
"aggregateDevices": false,
"_embedded": {
"deviceAuthenticationPolicies": []
},
"default": false
},
{
"_links": {
"self": {
"href": "https://api.pingone.eu/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/fido2Policies/916195d3-1039-42b2-a4fa-8cabab16b86f"
}
},
"id": "916195d3-1039-42b2-a4fa-8cabab16b86f",
"environment": {
"id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
},
"updatedAt": "2024-12-09T12:19:56.814Z",
"createdAt": "2024-12-09T12:19:56.814Z",
"name": "FIDO Policy - allow only FIDO-certified authenticators",
"description": "FIDO Policy that specifies that only FIDO-certified authenticators can be used",
"deviceDisplayName": "Fido2 device",
"discoverableCredentials": "REQUIRED",
"authenticatorAttachment": "BOTH",
"userVerification": {
"enforceDuringAuthentication": true,
"option": "REQUIRED"
},
"userPresenceTimeout": {
"duration": 2,
"timeUnit": "MINUTES"
},
"backupEligibility": {
"enforceDuringAuthentication": true,
"allow": true
},
"userDisplayNameAttributes": {
"attributes": [
{
"name": "username"
},
{
"name": "email"
}
]
},
"attestationRequirements": "DIRECT",
"mdsAuthenticatorsRequirements": {
"enforceDuringAuthentication": true,
"option": "CERTIFIED"
},
"relyingPartyId": "relyingpartydomain.example.com",
"publicKeyCredentialHints": [
"SECURITY_KEY",
"CLIENT_DEVICE",
"HYBRID"
],
"aggregateDevices": false,
"_embedded": {
"deviceAuthenticationPolicies": []
},
"default": false
},
{
"_links": {
"self": {
"href": "https://api.pingone.eu/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/fido2Policies/6f39f738-9fbb-4a43-94d7-41d84f5e5f46"
}
},
"id": "6f39f738-9fbb-4a43-94d7-41d84f5e5f46",
"environment": {
"id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
},
"updatedAt": "2024-12-09T12:26:07.947Z",
"createdAt": "2024-12-09T12:23:07.475Z",
"name": "FIDO Policy - specific authenticators - updated list of authenticators",
"description": "FIDO Policy that specifies two authenticators that can be used",
"deviceDisplayName": "Fido2 device B",
"discoverableCredentials": "REQUIRED",
"authenticatorAttachment": "BOTH",
"userVerification": {
"enforceDuringAuthentication": true,
"option": "REQUIRED"
},
"userPresenceTimeout": {
"duration": 2,
"timeUnit": "MINUTES"
},
"backupEligibility": {
"enforceDuringAuthentication": true,
"allow": true
},
"userDisplayNameAttributes": {
"attributes": [
{
"name": "username"
},
{
"name": "email"
}
]
},
"attestationRequirements": "DIRECT",
"mdsAuthenticatorsRequirements": {
"enforceDuringAuthentication": true,
"option": "SPECIFIC",
"allowedAuthenticators": [
{
"id": "{{allowedAuthenticatorID}}"
},
{
"id": "da1fa263-8b25-42b6-a820-c0036f21ba7f"
}
]
},
"relyingPartyId": "relyingpartydomain.example.com",
"publicKeyCredentialHints": [
"SECURITY_KEY",
"CLIENT_DEVICE",
"HYBRID"
],
"aggregateDevices": false,
"_embedded": {
"deviceAuthenticationPolicies": []
},
"default": false
}
]
},
"size": 8
}