Policy Matching

HYPR SDK for Android

A policy represents a set of authenticators. Policy Matching is the process of registering and authenticating users with a policy. The policy is specified in the HYPR Control Center (CC) where a policy name maps to a set of authenticators.

FIDO defines a policy as a JSON data structure that allows a relying party to communicate to a FIDO client the capabilities or specific authenticators that are allowed or disallowed for use in a given operation.

Policies can be set up from within CC by following the HYPR for Workforce Policy Management documentation.

Policy Matching from the Mobile Client

During the Quick Start you should have created a CustomHyprDbAdapter class extending the HyprDbAdapter class. Custom Policy Matching requires some additions to the CustomHyprDbAdapter class. The additions include setting the Reg, Auth, and AuthStepUp policies.

// Set Custom Policies here
appProfile.setRpAppActionIdReg(context, "customRegAction");
appProfile.setRpAppActionIdAuth(context, "customAuthAction");
appProfile.setRpAppActionIdAuthStepUp(context, "customAuthStepUpAction");

The complete class with additions is shown here:

public class CustomHyprDbAdapter extends HyprDbAdapter {
    /**
     * Called after a new App Profile is created.
     * Put any DB customizations here for the new App Profile.
     *
     * @param context    current context
     * @param appProfile appProfile object that was just created
     */
    @Override
    public void onNewAppProfileCreated(@NonNull final Context context,
                                       @NonNull HyprAppProfileData appProfile) {
        // Set Custom Policies here
        appProfile.setRpAppActionIdReg(context, "customRegAction");
        appProfile.setRpAppActionIdAuth(context, "customAuthAction");
        appProfile.setRpAppActionIdAuthStepUp(context, "customAuthStepUpAction");
    }
}