You create two policy rules for FIDO2 in the default access policy in the Workspace ONE Access service: a registration rule and an authentication rule.

Prerequisites

FIDO2 authentication is enabled and configured in the Workspace ONE Access service.

Procedure

  1. In the Workspace ONE Access console Resources > Policies page, select EDIT DEFAULT POLICY.
  2. Click Next to open the Configuration page.
  3. To create the registration rule, click Add Policy Rule.
    | Option | Description |
    | --- | --- |
    | If a user's network range is | Select the network range. |
    | and user accessing content from | Select the device type All Device Types. |
    | and user belongs to groups | If this access rule is going to apply to specific groups, search for the groups in the search box. If no group is selected, the access policy rule applies to all users. |
    | and user is registering FIDO2 authenticator | Set this to Yes. |
    | Then perform this action | Select Authenticate using.... |
    | then the user may authenticate using | Configure the authentication method that is presented to users before allowing them to register an authenticator to their account. |
    | If the preceding method fails or is not applicable, then | (Optional) Configure fallback authentication methods. |
  4. Click SAVE. The Configuration page is displayed.
  5. To create the authentication rule, click Add Policy Rule.
    | Option | Description |
    | --- | --- |
    | If a user's network range is | Select the network range. |
    | and user accessing content from | Select the device type All Device Types. |
    | and user belongs to groups | If this access rule is going to apply to specific groups, search for the groups in the search box. If no group is selected, the access policy rule applies to all users. |
    | and user is registering FIDO2 authenticator | This should be disabled. |
    | Then perform this action | Select Authenticate using. |
    | then the user may authenticate using | Select FIDO2. |
    | If the preceding method fails or is not applicable, then | (Optional) |
  6. Click SAVE and then NEXT.