Configuring Passkey Authentication Policies

A passkey authentication policy is a template containing predefined parameters enforced during authentication to comply with internal security policies.

Passkey authentication policies have Authentication Validity setting parameter to configure the policy.

To learn more about passkey authentication policies, see Authentication Policies in the HID Authentication Service.

Creating New Passkey Authentication Policy

Prerequisites: To add a new passkey authentication policy, you must be assigned the Configure Settings permission.

To create a new passkey authentication policy, follow the steps below:

Sign in to Administration portal.
Click Settings icon in the left navigation bar to open the Settings page.
Click Authentication Polices on the Settings page, then you can see list of authentication policies.
Click ADD POLICY, then Add Policy pop-up window appears.
From the drop-down menu, choose a standard passkey authentication policy to replicate for the newly created authentication policy, and then click PROCEED.

See Authentication Policies in the HID Authentication Service for more information.
Authentication Policy Details page opens.

Edit the main information for your Passkey Authentication policy based on your requirement:
- Policy name – should be unique for ease of administration.
- Policy description - a description for your passkey authentication policy. Content is free-format

Then proceed to Authentication Validity settings and define its parameters.

These parameters are related to the validity of the authentication records created for this passkey authentication policy.

Authentication Validity parameters

Parameters	Description
Valid days after creation	The expiration period of an authentication record, as a number of days, starting from the date of creation of the authentication record. To apply the new expiration period to the new authentication records, edit this field.
Valid days after update	The expiration period of an authentication record when the authenticator is changed, starting from the date the authenticator is changed.
Session invalidity timeout (sec)	Time (in seconds) after which an idle session is automatically terminated. The value should be lower than that set for the global Session Timeout parameter.
Session timeout (sec)	The maximum period (in seconds) that a user authenticated via this authentication policy can sustain their session before being prompted to re-authenticate by logging on again.
Disable authenticator after failed attempts	The maximum number of successive failed attempts by a user to log on using an incorrect authenticator before the authenticator is disabled.
Authenticator expiration	If enabled, then you can define the maximum number of times a user can authenticate successfully using an authenticator before it expires. It corresponds to the maximum number of successful authentications allowed.

Click SAVE to save the settings.

After saving, the newly created passkey authentication policy is added into the authentication policies list.

Viewing Passkey Authentication Policy

You can view a passkey authentication policy by following the below steps:

Sign in to Administration portal.
Click Settings in the left navigation bar to open the Settings page.
Click Authentication Polices on the Settings page, then you can see list of Authentication policies.
From the list of authentication policies, choose and click on the row of a passkey authentication policy you want to view.

(or) you can also click on "View Authentication Policy" shown in the action menu () of a passkey authentication policy.

Authentication Policy Details page opens and details are as shown below.

Fields	Description
Policy name	The name of the passkey authentication policy.
Policy description	The description for the passkey authentication policy.
Policy ID	An identifier or code for the passkey authentication policy.

You can also view the parameters of Authentication Validity setting.
Click RETURN to return to the list of authentication policies page.
Note:
If required,
- Click EDIT to edit a passkey authentication policy. Refer to Editing Passkey Authentication Policy
- Click DELETE to delete a passkey authentication policy. Refer to Deleting Passkey Authentication Policy.

Editing Passkey Authentication Policy

Prerequisites: To edit a passkey authentication policy, you must be assigned the Configure Settings permission.

When required, you can edit a passkey authentication policy by following the below steps:

Sign in to Administration portal.
Click Settings in the left navigation bar to open the Settings page.
Click Authentication Polices on the Settings page, then you can see list of authentication policies.
From the list of authentication policies, choose a passkey authentication policy you want to edit.

Click on "Edit Authentication Policy" shown in the action menu () or click EDIT on the view page of that policy.
Authentication Policy Details page opens, do the required changes for policy name, policy description and parameters of Authentication Validity tab.
Click SAVE to update the changes.

Deleting Passkey Authentication Policy

Prerequisites: To delete a passkey authentication policy, you must be assigned the Configure Settings permission.

Important: You cannot delete policies which are assigned to users or devices.

To delete a passkey authentication policy, follow the below steps:

Sign in to Administration portal.
Click Settings in the left navigation bar to open the Settings page.
Click Authentication Polices on the Settings page, then you can see list of Authentication policies.
From the list of authentication policies, choose a passkey authentication policy you want to delete.

Click on "Delete Authentication Policy" shown in the action menu () or click DELETE on the view page of that policy.
A Delete Policy confirmation dialog box appears, click OK to confirm the deletion.