Cloud Administration Read FIDO Configuration API
The Cloud Administration Read FIDO Configuration API allows you to retrieve the current configuration of FIDO authenticators. This API requires the rsa.fido.configuration.read OAuth permission. For more information, see OAuth 2.0-Based Permissions for the Cloud Administration APIs.
For information about managing access to this API, see Accessing the Cloud Administration APIs.
Authentication
Clients calling this API must authenticate themselves by including a JSON Web Token in a request. For instructions on using this token, see Authentication for the Cloud Administration APIs.
Software Developer Kit
You can download the API Software Developer Kit (SDK) from Cloud Administration REST API Download.
Request Requirements
Use the following information to retrieve FIDO configuration.
| Method | Request URL | Response Content Type | Response Body | Response codes |
|---|---|---|---|---|
| GET |
AdminInterface/restapi/v1/configuration/fido | application/json | Object containing FIDO configuration details | 200, 429, 500 |
Example Request Data
The request does not contain any parameters. The following example displays a request.
GET AdminInterface/restapi/v1/configuration/fido
Accept: application/json
Authorization: Bearer <JWT token>
Example Response Body
The following example response shows the FIDO configuration.
{
"fidoAppIdDTOList": [
{
"id": 2,
"errors": {},
"appId": "https://google.com",
"fidoAppIdDtoType": "UNKNOWN"
}
],
"passkeyStatus": false,
"endPasskeyGracePeriodDate": 1771365600000,
"minimumCertificationLevel": "FIDO_CERTIFIED_L2",
"allowedAuthenticatorsList": "DS100,yubikey",
"deniedAuthenticatorsList": "DS101,yubik*",
"allowedAuthenticatorsListEnabled": true,
"deniedAuthenticatorsListEnabled": true,
"fidoStaticNamedList": [
{
"id": null,
"createDate": null,
"errors": {},
"aaguid": null,
"name": "RSA Authenticator App",
"enabled": true
},
{
"id": null,
"createDate": null,
"errors": {},
"aaguid": null,
"name": "RSA DS100",
"enabled": false
},
{
"id": null,
"createDate": null,
"errors": {},
"aaguid": null,
"name": "Windows Hello",
"enabled": false
}
],
"fidoAddedNamedList": [
{
"id": "c9657914-c6d4-2afd-ea11-1a168f98bb3a",
"createDate": null,
"errors": {},
"aaguid": "5626bed4-e756-430b-a7ff-ca78c8b12738",
"name": "VALMIDO PRO FIDO",
"enabled": true
},
{
"id": "e59352d2-bc54-17ed-83b3-093f24ef5a99",
"createDate": null,
"errors": {},
"aaguid": "22222222-2222-2222-2222-222222222222",
"name": "Unknown",
"enabled": true
}
],
"errors": {},
"baseDomain": "https://t1-digitalpowerhouse-01.auth-dev.securid.com",
"cname": null,
"errorString": "Errors: {}"
}
Response Body Parameters
The table lists the parameters returned in the response body.
| Property | Description | Data Type |
|---|---|---|
| fidoAppIdDTOList | FIDO Relying Party Domain(s) | List of objects containing appId |
| passkeyStatus | When disabled, FIDO Synced Passkeys can no longer be registered or used for authentication. | Boolean |
| endPasskeyGracePeriodDate | Unix timestamp in milliseconds for the date when the grace period ends. When enabled, users with registered disallowed authenticators can continue to authenticate using those authenticators until the grace period ends. | String |
| minimumCertificationLevel | Represents the authenticator’s compliance with the security requirements of the FIDO certification program. | String |
| allowedAuthenticatorsList | Comma-separated list of allowed authenticators. | String |
| deniedAuthenticatorsList | Comma-separated list of denied authenticators. | String |
| allowedAuthenticatorsListEnabled | Boolean that determines whether the allowedAuthenticatorsList parameter should be used. | Boolean |
| deniedAuthenticatorsListEnabled | Boolean that determines whether the deniedAuthenticatorsList parameter should be used. | Boolean |
| fidoStaticNamedList | Static list of FIDO authenticators (RSA DS100, Windows Hello, RSA Authenticator App) that administrators can enable or disable. | List |
| fidoAddedNamedList | Dynamic list of FIDO authenticators, where administrators can add or remove authenticators using the AAGUID and change their enabled status. | List |
Response Codes
The following table lists the response codes and their descriptions.
| Code | Description |
|---|---|
| 200 | Emergency Access Code generated successfully. |
| 429 | Too many requests. |
| 500 | Internal error occurred when processing the request. |
Related Articles
Cloud Administration Manage FIDO Configuration API Number of Views Deploying RSA Authenticator 6.2.7 for Windows Using DISM Number of Views PAM Agent is failing to connect to RSA Servers (Curl error code: 35) Number of Views Cloud Administration Update SMS and Voice Phone API Number of Views Failing to access Identity Router IDR Web resource after IDR v2.17 update Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.7 SP2 Setup and Configuration Guide An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x
