Cloud Administration Manage FIDO Configuration API
The Cloud Administration Manage FIDO Configuration API allows you to manage the configuration of FIDO authenticators. This API requires the rsa.fido.configuration.manage OAuth permission. For more information, see OAuth 2.0-Based Permissions for the Cloud Administration APIs.
For information about managing access to this API, see Accessing the Cloud Administration APIs.
Authentication
Clients calling this API must authenticate themselves by including a JSON Web Token in a request. For instructions on using this token, see Authentication for the Cloud Administration APIs.
Software Developer Kit
You can download the API Software Developer Kit (SDK) from Cloud Administration REST API Download.
Request Requirements
Use the following information to manage FIDO configuration.
| Action | Method | Request URL | Response Content Type | Response Body | Response codes |
|---|---|---|---|---|---|
| Update FIDO Configuration | PATCH | AdminInterface/restapi/v1/configuration/fido | application/json | Object containing FIDO configuration details | 200, 400, 429, 500 |
Example Request Data
The request does not contain any parameters. The following example displays a request.
PATCH AdminInterface/restapi/v1/configuration/fido
Accept: application/json
Authorization: Bearer <JWT token>
Example Request Body
The following example request shows the FIDO configuration.
{
"fidoAppIdDTOList": [
{
"id": 2,
"appId": "https://google.com",
}
],
"passkeyStatus": false,
"endPasskeyGracePeriodDate": 1771365600000,
"minimumCertificationLevel": "FIDO_CERTIFIED_L2",
"allowedAuthenticatorsList": "DS100,yubikey",
"deniedAuthenticatorsList": "DS101,yubik*",
"allowedAuthenticatorsListEnabled": true,
"deniedAuthenticatorsListEnabled": true,
"fidoStaticNamedList": [
{
"name": "RSA Authenticator App",
"enabled": true
},
{
"name": "RSA DS100",
"enabled": false
},
{
"name": "Windows Hello",
"enabled": false
}
],
"fidoAddedNamedList": [
{
"aaguid": "5626bed4-e756-430b-a7ff-ca78c8b12738",
"enabled": true
},
{
"aaguid": "22222222-2222-2222-2222-222222222222",
"enabled": true
}
]
}
Response Body Parameters
The table lists the parameters returned in the response body.
| Property | Description | Data Type | Required |
|---|---|---|---|
| fidoAppIdDTOList | FIDO Relying Party Domain(s) | List of objects containing appId | False |
| passkeyStatus | When disabled, FIDO Synced Passkeys can no longer be registered or used for authentication. | Boolean | False |
| endPasskeyGracePeriodDate | Unix timestamp in milliseconds for the date when the grace period ends. When enabled, users with registered disallowed authenticators can continue to authenticate using those authenticators until the grace period ends. | String | False |
| minimumCertificationLevel | Represents the authenticator’s compliance with the security requirements of the FIDO certification program. | String Must be one of: ["FIDO_CERTIFIED_L1", "FIDO_CERTIFIED_L2", "FIDO_CERTIFIED_L3"] | False |
| allowedAuthenticatorsList | Comma-separated list of allowed authenticators. | String | False |
| deniedAuthenticatorsList | Comma-separated list of denied authenticators. | String | False |
| allowedAuthenticatorsListEnabled | Boolean that determines whether the allowedAuthenticatorsList parameter should be used. | Boolean | False |
| deniedAuthenticatorsListEnabled | Boolean that determines whether the deniedAuthenticatorsList parameter should be used. | Boolean | False |
| fidoStaticNamedList | Static list of FIDO authenticators (RSA DS100, Windows Hello, RSA Authenticator App) that administrators can enable or disable. | List | False |
| fidoAddedNamedList | Dynamic list of FIDO authenticators, where administrators can add or remove authenticators using the AAGUID and change their enabled status. | List | False |
Response Codes
The following table lists the response codes and their descriptions.
| Code | Description |
|---|---|
| 200 | Emergency Access Code generated successfully. |
| 400 | Invalid AAGUID format. Duplicate AAGUID found. Invalid FIDO certification level. |
| 429 | Too many requests. |
| 500 | Internal error occurred when processing the request. |
Related Articles
Cloud Administration Read FIDO Configuration API Number of Views Deploying RSA Authenticator 6.2.7 for Windows Using DISM Number of Views PAM Agent is failing to connect to RSA Servers (Curl error code: 35) Number of Views Cloud Administration Update SMS and Voice Phone API Number of Views Failing to access Identity Router IDR Web resource after IDR v2.17 update Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.7 SP2 Setup and Configuration Guide An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x
