Cloud Administration Manage FIDO Configuration API
The Cloud Administration Manage FIDO Configuration API allows you to manage the configuration of FIDO authenticators. This API requires the rsa.fido.configuration.manage OAuth permission. For more information, see OAuth 2.0-Based Permissions for the Cloud Administration APIs.
For information about managing access to this API, see Accessing the Cloud Administration APIs.
Authentication
Clients calling this API must authenticate themselves by including a JSON Web Token in a request. For instructions on using this token, see Authentication for the Cloud Administration APIs.
Software Developer Kit
You can download the API Software Developer Kit (SDK) from Cloud Administration REST API Download.
Request Requirements
Use the following information to manage FIDO configuration.
| Action | Method | Request URL | Response Content Type | Response Body | Response codes |
|---|---|---|---|---|---|
| Update FIDO Configuration | PATCH | AdminInterface/restapi/v1/configuration/fido | application/json | Object containing FIDO configuration details | 200, 400, 429, 500 |
Example Request Data
The request does not contain any parameters. The following example displays a request.
PATCH AdminInterface/restapi/v1/configuration/fido
Accept: application/json
Authorization: Bearer <JWT token>
Example Request Body
The following example request shows the FIDO configuration.
{
"fidoAppIdDTOList": [
{
"id": 2,
"appId": "https://google.com",
}
],
"passkeyStatus": false,
"endPasskeyGracePeriodDate": 1771365600000,
"minimumCertificationLevel": "FIDO_CERTIFIED_L2",
"allowedAuthenticatorsList": "DS100,yubikey",
"deniedAuthenticatorsList": "DS101,yubik*",
"allowedAuthenticatorsListEnabled": true,
"deniedAuthenticatorsListEnabled": true,
"fidoStaticNamedList": [
{
"name": "RSA Authenticator App",
"enabled": true
},
{
"name": "RSA DS100",
"enabled": false
},
{
"name": "Windows Hello",
"enabled": false
}
],
"fidoAddedNamedList": [
{
"aaguid": "5626bed4-e756-430b-a7ff-ca78c8b12738",
"enabled": true
},
{
"aaguid": "22222222-2222-2222-2222-222222222222",
"enabled": true
}
]
}
Response Body Parameters
The table lists the parameters returned in the response body.
| Property | Description | Data Type | Required |
|---|---|---|---|
| fidoAppIdDTOList | FIDO Relying Party Domain(s) | List of objects containing appId | False |
| passkeyStatus | When disabled, FIDO Synced Passkeys can no longer be registered or used for authentication. | Boolean | False |
| endPasskeyGracePeriodDate | Unix timestamp in milliseconds for the date when the grace period ends. When enabled, users with registered disallowed authenticators can continue to authenticate using those authenticators until the grace period ends. | String | False |
| minimumCertificationLevel | Represents the authenticator’s compliance with the security requirements of the FIDO certification program. | String Must be one of: ["FIDO_CERTIFIED_L1", "FIDO_CERTIFIED_L2", "FIDO_CERTIFIED_L3"] | False |
| allowedAuthenticatorsList | Comma-separated list of allowed authenticators. | String | False |
| deniedAuthenticatorsList | Comma-separated list of denied authenticators. | String | False |
| allowedAuthenticatorsListEnabled | Boolean that determines whether the allowedAuthenticatorsList parameter should be used. | Boolean | False |
| deniedAuthenticatorsListEnabled | Boolean that determines whether the deniedAuthenticatorsList parameter should be used. | Boolean | False |
| fidoStaticNamedList | Static list of FIDO authenticators (RSA DS100, Windows Hello, RSA Authenticator App) that administrators can enable or disable. | List | False |
| fidoAddedNamedList | Dynamic list of FIDO authenticators, where administrators can add or remove authenticators using the AAGUID and change their enabled status. | List | False |
Response Codes
The following table lists the response codes and their descriptions.
| Code | Description |
|---|---|
| 200 | Emergency Access Code generated successfully. |
| 400 | Invalid AAGUID format. Duplicate AAGUID found. Invalid FIDO certification level. |
| 429 | Too many requests. |
| 500 | Internal error occurred when processing the request. |
Related Articles
Cloud Administration Read FIDO Configuration API Number of Views Deploying RSA Authenticator 6.2.7 for Windows Using DISM Number of Views Deploying RSA Authenticator 6.2.4 for Windows Using DISM Number of Views Add a RADIUS Attribute Definition to a Dictionary Number of Views Availability of Passkey Feature in RSA Authenticator 4.5 for iOS and Android Number of Views
Trending Articles
Troubleshooting RSA SecurID Access Identity Router to RSA Authentication Manager test connection failures RSA SecurID Software Token 5.0.2 Downloads for Microsoft Windows RSA Authentication Manager 8.9 Release Notes (January 2026) Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory RSA Authentication Manager 8.8 Setup and Configuration Guide
