Policy Management

Overview

Term

Explanation

'Policy'

Defines a sets of authenticators to use for registration and authentication.

'Policy Matching'

Process of determining which set of authenticators to use.

📘

FIDO Alliance Definition

A JSON data structure that allows a relying party to communicate to a FIDO Client the capabilities or specific authenticators that are allowed or disallowed for use in a given operation.

How To Create a Policy

Step 1: From the Control Center, first select the application within the navigation panel for which the policy is intended. Then click on the 'pencil' edit icon on the top right of the Authentication and Policy Management widget.

Step 2: Manage enabled Authenticators with ON/OFF toggle switches. Here you can add a new policy within the Policy Management section.

Step 3: Select Authenticators

Note
If the first set of authenticators are not available on the mobile client, the mobile will request the second set, and if authenticators from the second set are also not available the mobile will attempt the third set, and so forth.

Policy Usage

Policies created in the Control Center can be used by the mobile device (HYPR One app and SDK) the following ways:

  1. Registration Policy - Policy used during registration, typically includes all authenticators that will be used in all policies.

  2. Authentication Policy - Policy used during authentication, typically a subset of the authenticators that were registered with the Registration Policy.

  3. Step-Up Policy - Policy used during step-up authentications (transactions), typically a subset of the authenticators that were registered with the Registration Policy.

Policy Naming

When creating policies, the naming of the policy plays an important role. The policies in the Control Center should be named with the following syntax:

  1. Registration Policy - 'defaultRegAction'
  2. Authentication Policy - 'defaultAuthAction'
  3. Step-Up Policy - 'completeMediumTransaction'

🚧

HYPR Mobile SDK Users

Ensure the policies you create in the Control Center match the configuration in the HYPR Mobile SDKs.

📘

Step-Up Policy

Only available for Web Access Applications. This cannot be used for Desktop MFA.

If you're using the HYPR Mobile App, then no modifications is required, it will use these policies by default.