Update FIDO Policy
PUT {{apiPath}}/environments/{{envID}}/fido2Policies/{{fidoPolicyID}}Use PUT {{apiPath}}/environments/{{envID}}/fido2Policies/{{fidoPolicyID}} to update the details of an existing FIDO policy.
The policy ID can be taken from the id field for the policy in the list of policies returned when you retrieve all of the FIDO policies for an environment. The ID of each policy is also displayed on the FIDO Policies page in the PingOne UI.
Prerequisites
-
Refer to FIDO Policies for important overview information.
Request Model
| Property | Type | Required? |
|---|---|---|
|
Array |
Optional |
|
String |
Required |
|
Boolean |
Optional |
|
String |
Optional |
|
Boolean |
Optional |
|
String |
Required |
|
Array |
Optional |
|
String |
Required |
Refer to the FIDO Policies data model for full property descriptions.
Body
raw ( application/json )
{
"name": "FIDO Policy - specific authenticators - updated list of authenticators",
"description": "FIDO Policy that specifies two authenticators that can be used",
"deviceDisplayName": "Fido2 device B",
"discoverableCredentials": "REQUIRED",
"authenticatorAttachment": "BOTH",
"userVerification": {
"enforceDuringAuthentication": true,
"option": "REQUIRED"
},
"backupEligibility": {
"enforceDuringAuthentication": true,
"allow": true
},
"userDisplayNameAttributes": {
"attributes": [
{
"name": "username"
},
{
"name": "email"
}
]
},
"attestationRequirements": "DIRECT",
"mdsAuthenticatorsRequirements": {
"option": "SPECIFIC",
"allowedAuthenticators": [
{
"id": "{{allowedAuthenticatorID}}"
},
{
"id": "{{allowedAuthenticatorID_2}}"
}
],
"enforceDuringAuthentication": true
},
"publicKeyCredentialHints" : [
"SECURITY_KEY", "CLIENT_DEVICE","HYBRID"
],
"relyingPartyId": "relyingpartydomain.example.com",
"default": false
}Example Request
-
cURL
-
C#
-
Go
-
HTTP
-
Java
-
jQuery
-
NodeJS
-
Python
-
PHP
-
Ruby
-
Swift
curl --location --globoff --request PUT '{{apiPath}}/environments/{{envID}}/fido2Policies/{{fidoPolicyID}}' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer {{accessToken}}' \
--data '{
"name": "FIDO Policy - specific authenticators - updated list of authenticators",
"description": "FIDO Policy that specifies two authenticators that can be used",
"deviceDisplayName": "Fido2 device B",
"discoverableCredentials": "REQUIRED",
"authenticatorAttachment": "BOTH",
"userVerification": {
"enforceDuringAuthentication": true,
"option": "REQUIRED"
},
"backupEligibility": {
"enforceDuringAuthentication": true,
"allow": true
},
"userDisplayNameAttributes": {
"attributes": [
{
"name": "username"
},
{
"name": "email"
}
]
},
"attestationRequirements": "DIRECT",
"mdsAuthenticatorsRequirements": {
"option": "SPECIFIC",
"allowedAuthenticators": [
{
"id": "{{allowedAuthenticatorID}}"
},
{
"id": "{{allowedAuthenticatorID_2}}"
}
],
"enforceDuringAuthentication": true
},
"publicKeyCredentialHints" : [
"SECURITY_KEY", "CLIENT_DEVICE","HYBRID"
],
"relyingPartyId": "relyingpartydomain.example.com",
"default": false
}'var options = new RestClientOptions("{{apiPath}}/environments/{{envID}}/fido2Policies/{{fidoPolicyID}}")
{
MaxTimeout = -1,
};
var client = new RestClient(options);
var request = new RestRequest("", Method.Put);
request.AddHeader("Content-Type", "application/json");
request.AddHeader("Authorization", "Bearer {{accessToken}}");
var body = @"{" + "\n" +
@" ""name"": ""FIDO Policy - specific authenticators - updated list of authenticators""," + "\n" +
@" ""description"": ""FIDO Policy that specifies two authenticators that can be used""," + "\n" +
@" ""deviceDisplayName"": ""Fido2 device B""," + "\n" +
@" ""discoverableCredentials"": ""REQUIRED""," + "\n" +
@" ""authenticatorAttachment"": ""BOTH""," + "\n" +
@" ""userVerification"": {" + "\n" +
@" ""enforceDuringAuthentication"": true," + "\n" +
@" ""option"": ""REQUIRED""" + "\n" +
@" }," + "\n" +
@" ""backupEligibility"": {" + "\n" +
@" ""enforceDuringAuthentication"": true," + "\n" +
@" ""allow"": true" + "\n" +
@" }," + "\n" +
@" ""userDisplayNameAttributes"": {" + "\n" +
@" ""attributes"": [" + "\n" +
@" {" + "\n" +
@" ""name"": ""username""" + "\n" +
@" }," + "\n" +
@" {" + "\n" +
@" ""name"": ""email""" + "\n" +
@" }" + "\n" +
@" ]" + "\n" +
@" }," + "\n" +
@" ""attestationRequirements"": ""DIRECT""," + "\n" +
@" ""mdsAuthenticatorsRequirements"": {" + "\n" +
@" ""option"": ""SPECIFIC""," + "\n" +
@" ""allowedAuthenticators"": [" + "\n" +
@" {" + "\n" +
@" ""id"": ""{{allowedAuthenticatorID}}""" + "\n" +
@" }," + "\n" +
@" {" + "\n" +
@" ""id"": ""{{allowedAuthenticatorID_2}}""" + "\n" +
@" }" + "\n" +
@" ]," + "\n" +
@" ""enforceDuringAuthentication"": true" + "\n" +
@" }," + "\n" +
@" ""publicKeyCredentialHints"" : [" + "\n" +
@" ""SECURITY_KEY"", ""CLIENT_DEVICE"",""HYBRID""" + "\n" +
@" ]," + "\n" +
@" ""relyingPartyId"": ""relyingpartydomain.example.com""," + "\n" +
@" ""default"": false" + "\n" +
@"}";
request.AddStringBody(body, DataFormat.Json);
RestResponse response = await client.ExecuteAsync(request);
Console.WriteLine(response.Content);package main
import (
"fmt"
"strings"
"net/http"
"io"
)
func main() {
url := "{{apiPath}}/environments/{{envID}}/fido2Policies/{{fidoPolicyID}}"
method := "PUT"
payload := strings.NewReader(`{
"name": "FIDO Policy - specific authenticators - updated list of authenticators",
"description": "FIDO Policy that specifies two authenticators that can be used",
"deviceDisplayName": "Fido2 device B",
"discoverableCredentials": "REQUIRED",
"authenticatorAttachment": "BOTH",
"userVerification": {
"enforceDuringAuthentication": true,
"option": "REQUIRED"
},
"backupEligibility": {
"enforceDuringAuthentication": true,
"allow": true
},
"userDisplayNameAttributes": {
"attributes": [
{
"name": "username"
},
{
"name": "email"
}
]
},
"attestationRequirements": "DIRECT",
"mdsAuthenticatorsRequirements": {
"option": "SPECIFIC",
"allowedAuthenticators": [
{
"id": "{{allowedAuthenticatorID}}"
},
{
"id": "{{allowedAuthenticatorID_2}}"
}
],
"enforceDuringAuthentication": true
},
"publicKeyCredentialHints" : [
"SECURITY_KEY", "CLIENT_DEVICE","HYBRID"
],
"relyingPartyId": "relyingpartydomain.example.com",
"default": false
}`)
client := &http.Client {
}
req, err := http.NewRequest(method, url, payload)
if err != nil {
fmt.Println(err)
return
}
req.Header.Add("Content-Type", "application/json")
req.Header.Add("Authorization", "Bearer {{accessToken}}")
res, err := client.Do(req)
if err != nil {
fmt.Println(err)
return
}
defer res.Body.Close()
body, err := io.ReadAll(res.Body)
if err != nil {
fmt.Println(err)
return
}
fmt.Println(string(body))
}PUT /environments/{{envID}}/fido2Policies/{{fidoPolicyID}} HTTP/1.1
Host: {{apiPath}}
Content-Type: application/json
Authorization: Bearer {{accessToken}}
{
"name": "FIDO Policy - specific authenticators - updated list of authenticators",
"description": "FIDO Policy that specifies two authenticators that can be used",
"deviceDisplayName": "Fido2 device B",
"discoverableCredentials": "REQUIRED",
"authenticatorAttachment": "BOTH",
"userVerification": {
"enforceDuringAuthentication": true,
"option": "REQUIRED"
},
"backupEligibility": {
"enforceDuringAuthentication": true,
"allow": true
},
"userDisplayNameAttributes": {
"attributes": [
{
"name": "username"
},
{
"name": "email"
}
]
},
"attestationRequirements": "DIRECT",
"mdsAuthenticatorsRequirements": {
"option": "SPECIFIC",
"allowedAuthenticators": [
{
"id": "{{allowedAuthenticatorID}}"
},
{
"id": "{{allowedAuthenticatorID_2}}"
}
],
"enforceDuringAuthentication": true
},
"publicKeyCredentialHints" : [
"SECURITY_KEY", "CLIENT_DEVICE","HYBRID"
],
"relyingPartyId": "relyingpartydomain.example.com",
"default": false
}OkHttpClient client = new OkHttpClient().newBuilder()
.build();
MediaType mediaType = MediaType.parse("application/json");
RequestBody body = RequestBody.create(mediaType, "{\n \"name\": \"FIDO Policy - specific authenticators - updated list of authenticators\",\n \"description\": \"FIDO Policy that specifies two authenticators that can be used\",\n \"deviceDisplayName\": \"Fido2 device B\",\n \"discoverableCredentials\": \"REQUIRED\",\n \"authenticatorAttachment\": \"BOTH\",\n \"userVerification\": {\n \"enforceDuringAuthentication\": true,\n \"option\": \"REQUIRED\"\n },\n \"backupEligibility\": {\n \"enforceDuringAuthentication\": true,\n \"allow\": true\n },\n \"userDisplayNameAttributes\": {\n \"attributes\": [\n {\n \"name\": \"username\"\n },\n {\n \"name\": \"email\"\n }\n ]\n },\n \"attestationRequirements\": \"DIRECT\",\n \"mdsAuthenticatorsRequirements\": {\n \"option\": \"SPECIFIC\",\n \"allowedAuthenticators\": [\n {\n \"id\": \"{{allowedAuthenticatorID}}\"\n },\n {\n \"id\": \"{{allowedAuthenticatorID_2}}\"\n }\n ],\n \"enforceDuringAuthentication\": true\n },\n \"publicKeyCredentialHints\" : [\n \"SECURITY_KEY\", \"CLIENT_DEVICE\",\"HYBRID\"\n ],\n \"relyingPartyId\": \"relyingpartydomain.example.com\",\n \"default\": false\n}");
Request request = new Request.Builder()
.url("{{apiPath}}/environments/{{envID}}/fido2Policies/{{fidoPolicyID}}")
.method("PUT", body)
.addHeader("Content-Type", "application/json")
.addHeader("Authorization", "Bearer {{accessToken}}")
.build();
Response response = client.newCall(request).execute();var settings = {
"url": "{{apiPath}}/environments/{{envID}}/fido2Policies/{{fidoPolicyID}}",
"method": "PUT",
"timeout": 0,
"headers": {
"Content-Type": "application/json",
"Authorization": "Bearer {{accessToken}}"
},
"data": JSON.stringify({
"name": "FIDO Policy - specific authenticators - updated list of authenticators",
"description": "FIDO Policy that specifies two authenticators that can be used",
"deviceDisplayName": "Fido2 device B",
"discoverableCredentials": "REQUIRED",
"authenticatorAttachment": "BOTH",
"userVerification": {
"enforceDuringAuthentication": true,
"option": "REQUIRED"
},
"backupEligibility": {
"enforceDuringAuthentication": true,
"allow": true
},
"userDisplayNameAttributes": {
"attributes": [
{
"name": "username"
},
{
"name": "email"
}
]
},
"attestationRequirements": "DIRECT",
"mdsAuthenticatorsRequirements": {
"option": "SPECIFIC",
"allowedAuthenticators": [
{
"id": "{{allowedAuthenticatorID}}"
},
{
"id": "{{allowedAuthenticatorID_2}}"
}
],
"enforceDuringAuthentication": true
},
"publicKeyCredentialHints": [
"SECURITY_KEY",
"CLIENT_DEVICE",
"HYBRID"
],
"relyingPartyId": "relyingpartydomain.example.com",
"default": false
}),
};
$.ajax(settings).done(function (response) {
console.log(response);
});var request = require('request');
var options = {
'method': 'PUT',
'url': '{{apiPath}}/environments/{{envID}}/fido2Policies/{{fidoPolicyID}}',
'headers': {
'Content-Type': 'application/json',
'Authorization': 'Bearer {{accessToken}}'
},
body: JSON.stringify({
"name": "FIDO Policy - specific authenticators - updated list of authenticators",
"description": "FIDO Policy that specifies two authenticators that can be used",
"deviceDisplayName": "Fido2 device B",
"discoverableCredentials": "REQUIRED",
"authenticatorAttachment": "BOTH",
"userVerification": {
"enforceDuringAuthentication": true,
"option": "REQUIRED"
},
"backupEligibility": {
"enforceDuringAuthentication": true,
"allow": true
},
"userDisplayNameAttributes": {
"attributes": [
{
"name": "username"
},
{
"name": "email"
}
]
},
"attestationRequirements": "DIRECT",
"mdsAuthenticatorsRequirements": {
"option": "SPECIFIC",
"allowedAuthenticators": [
{
"id": "{{allowedAuthenticatorID}}"
},
{
"id": "{{allowedAuthenticatorID_2}}"
}
],
"enforceDuringAuthentication": true
},
"publicKeyCredentialHints": [
"SECURITY_KEY",
"CLIENT_DEVICE",
"HYBRID"
],
"relyingPartyId": "relyingpartydomain.example.com",
"default": false
})
};
request(options, function (error, response) {
if (error) throw new Error(error);
console.log(response.body);
});import requests
import json
url = "{{apiPath}}/environments/{{envID}}/fido2Policies/{{fidoPolicyID}}"
payload = json.dumps({
"name": "FIDO Policy - specific authenticators - updated list of authenticators",
"description": "FIDO Policy that specifies two authenticators that can be used",
"deviceDisplayName": "Fido2 device B",
"discoverableCredentials": "REQUIRED",
"authenticatorAttachment": "BOTH",
"userVerification": {
"enforceDuringAuthentication": True,
"option": "REQUIRED"
},
"backupEligibility": {
"enforceDuringAuthentication": True,
"allow": True
},
"userDisplayNameAttributes": {
"attributes": [
{
"name": "username"
},
{
"name": "email"
}
]
},
"attestationRequirements": "DIRECT",
"mdsAuthenticatorsRequirements": {
"option": "SPECIFIC",
"allowedAuthenticators": [
{
"id": "{{allowedAuthenticatorID}}"
},
{
"id": "{{allowedAuthenticatorID_2}}"
}
],
"enforceDuringAuthentication": True
},
"publicKeyCredentialHints": [
"SECURITY_KEY",
"CLIENT_DEVICE",
"HYBRID"
],
"relyingPartyId": "relyingpartydomain.example.com",
"default": False
})
headers = {
'Content-Type': 'application/json',
'Authorization': 'Bearer {{accessToken}}'
}
response = requests.request("PUT", url, headers=headers, data=payload)
print(response.text)<?php
require_once 'HTTP/Request2.php';
$request = new HTTP_Request2();
$request->setUrl('{{apiPath}}/environments/{{envID}}/fido2Policies/{{fidoPolicyID}}');
$request->setMethod(HTTP_Request2::METHOD_PUT);
$request->setConfig(array(
'follow_redirects' => TRUE
));
$request->setHeader(array(
'Content-Type' => 'application/json',
'Authorization' => 'Bearer {{accessToken}}'
));
$request->setBody('{\n "name": "FIDO Policy - specific authenticators - updated list of authenticators",\n "description": "FIDO Policy that specifies two authenticators that can be used",\n "deviceDisplayName": "Fido2 device B",\n "discoverableCredentials": "REQUIRED",\n "authenticatorAttachment": "BOTH",\n "userVerification": {\n "enforceDuringAuthentication": true,\n "option": "REQUIRED"\n },\n "backupEligibility": {\n "enforceDuringAuthentication": true,\n "allow": true\n },\n "userDisplayNameAttributes": {\n "attributes": [\n {\n "name": "username"\n },\n {\n "name": "email"\n }\n ]\n },\n "attestationRequirements": "DIRECT",\n "mdsAuthenticatorsRequirements": {\n "option": "SPECIFIC",\n "allowedAuthenticators": [\n {\n "id": "{{allowedAuthenticatorID}}"\n },\n {\n "id": "{{allowedAuthenticatorID_2}}"\n }\n ],\n "enforceDuringAuthentication": true\n },\n "publicKeyCredentialHints" : [\n "SECURITY_KEY", "CLIENT_DEVICE","HYBRID"\n ],\n "relyingPartyId": "relyingpartydomain.example.com",\n "default": false\n}');
try {
$response = $request->send();
if ($response->getStatus() == 200) {
echo $response->getBody();
}
else {
echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' .
$response->getReasonPhrase();
}
}
catch(HTTP_Request2_Exception $e) {
echo 'Error: ' . $e->getMessage();
}require "uri"
require "json"
require "net/http"
url = URI("{{apiPath}}/environments/{{envID}}/fido2Policies/{{fidoPolicyID}}")
http = Net::HTTP.new(url.host, url.port);
request = Net::HTTP::Put.new(url)
request["Content-Type"] = "application/json"
request["Authorization"] = "Bearer {{accessToken}}"
request.body = JSON.dump({
"name": "FIDO Policy - specific authenticators - updated list of authenticators",
"description": "FIDO Policy that specifies two authenticators that can be used",
"deviceDisplayName": "Fido2 device B",
"discoverableCredentials": "REQUIRED",
"authenticatorAttachment": "BOTH",
"userVerification": {
"enforceDuringAuthentication": true,
"option": "REQUIRED"
},
"backupEligibility": {
"enforceDuringAuthentication": true,
"allow": true
},
"userDisplayNameAttributes": {
"attributes": [
{
"name": "username"
},
{
"name": "email"
}
]
},
"attestationRequirements": "DIRECT",
"mdsAuthenticatorsRequirements": {
"option": "SPECIFIC",
"allowedAuthenticators": [
{
"id": "{{allowedAuthenticatorID}}"
},
{
"id": "{{allowedAuthenticatorID_2}}"
}
],
"enforceDuringAuthentication": true
},
"publicKeyCredentialHints": [
"SECURITY_KEY",
"CLIENT_DEVICE",
"HYBRID"
],
"relyingPartyId": "relyingpartydomain.example.com",
"default": false
})
response = http.request(request)
puts response.read_bodylet parameters = "{\n \"name\": \"FIDO Policy - specific authenticators - updated list of authenticators\",\n \"description\": \"FIDO Policy that specifies two authenticators that can be used\",\n \"deviceDisplayName\": \"Fido2 device B\",\n \"discoverableCredentials\": \"REQUIRED\",\n \"authenticatorAttachment\": \"BOTH\",\n \"userVerification\": {\n \"enforceDuringAuthentication\": true,\n \"option\": \"REQUIRED\"\n },\n \"backupEligibility\": {\n \"enforceDuringAuthentication\": true,\n \"allow\": true\n },\n \"userDisplayNameAttributes\": {\n \"attributes\": [\n {\n \"name\": \"username\"\n },\n {\n \"name\": \"email\"\n }\n ]\n },\n \"attestationRequirements\": \"DIRECT\",\n \"mdsAuthenticatorsRequirements\": {\n \"option\": \"SPECIFIC\",\n \"allowedAuthenticators\": [\n {\n \"id\": \"{{allowedAuthenticatorID}}\"\n },\n {\n \"id\": \"{{allowedAuthenticatorID_2}}\"\n }\n ],\n \"enforceDuringAuthentication\": true\n },\n \"publicKeyCredentialHints\" : [\n \"SECURITY_KEY\", \"CLIENT_DEVICE\",\"HYBRID\"\n ],\n \"relyingPartyId\": \"relyingpartydomain.example.com\",\n \"default\": false\n}"
let postData = parameters.data(using: .utf8)
var request = URLRequest(url: URL(string: "{{apiPath}}/environments/{{envID}}/fido2Policies/{{fidoPolicyID}}")!,timeoutInterval: Double.infinity)
request.addValue("application/json", forHTTPHeaderField: "Content-Type")
request.addValue("Bearer {{accessToken}}", forHTTPHeaderField: "Authorization")
request.httpMethod = "PUT"
request.httpBody = postData
let task = URLSession.shared.dataTask(with: request) { data, response, error in
guard let data = data else {
print(String(describing: error))
return
}
print(String(data: data, encoding: .utf8)!)
}
task.resume()Example Response
200 OK
{
"_links": {
"self": {
"href": "https://api.pingone.eu/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/fido2Policies/6f39f738-9fbb-4a43-94d7-41d84f5e5f46"
},
"environment": {
"href": "https://api.pingone.eu/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
}
},
"id": "6f39f738-9fbb-4a43-94d7-41d84f5e5f46",
"environment": {
"id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
},
"updatedAt": "2024-12-09T12:26:07.947Z",
"createdAt": "2024-12-09T12:23:07.475Z",
"name": "FIDO Policy - specific authenticators - updated list of authenticators",
"description": "FIDO Policy that specifies two authenticators that can be used",
"deviceDisplayName": "Fido2 device B",
"discoverableCredentials": "REQUIRED",
"authenticatorAttachment": "BOTH",
"userVerification": {
"enforceDuringAuthentication": true,
"option": "REQUIRED"
},
"userPresenceTimeout": {
"duration": 2,
"timeUnit": "MINUTES"
},
"backupEligibility": {
"enforceDuringAuthentication": true,
"allow": true
},
"userDisplayNameAttributes": {
"attributes": [
{
"name": "username"
},
{
"name": "email"
}
]
},
"attestationRequirements": "DIRECT",
"mdsAuthenticatorsRequirements": {
"enforceDuringAuthentication": true,
"option": "SPECIFIC",
"allowedAuthenticators": [
{
"id": "{{allowedAuthenticatorID}}"
},
{
"id": "da1fa263-8b25-42b6-a820-c0036f21ba7f"
}
]
},
"relyingPartyId": "relyingpartydomain.example.com",
"publicKeyCredentialHints": [
"SECURITY_KEY",
"CLIENT_DEVICE",
"HYBRID"
],
"aggregateDevices": false,
"default": false
}