Skip to content

config properties mfa properties security_keys

GitHub Action edited this page Jan 8, 2025 · 5 revisions

Version

v1.3.2

security_keys Type

object (security_keys)

security_keys Properties

Property Type Required Nullable Defined by
attestation_preference string Optional cannot be null Config
authenticator_attachment string Optional cannot be null Config
enabled boolean Required cannot be null Config
limit integer Optional cannot be null Config
user_verification string Optional cannot be null Config

attestation_preference

attestation_preference is used to specify the preference regarding attestation conveyance during credential generation.

attestation_preference

  • is optional

  • cannot be null

attestation_preference Type

string

attestation_preference Constraints

enum: the value of this property must be equal to one of the following values:

Value Explanation
"direct"
"indirect"
"none"

attestation_preference Default Value

The default value is:

"direct"

authenticator_attachment

authenticator_attachment is used to specify the preference regarding authenticator attachment during credential registration.

authenticator_attachment

  • is optional

  • cannot be null

authenticator_attachment Type

string

authenticator_attachment Constraints

enum: the value of this property must be equal to one of the following values:

Value Explanation
"platform"
"cross-platform"
"no_preference"

authenticator_attachment Default Value

The default value is:

"cross-platform"

enabled

enabled determines whether security keys are eligible for multi-factor-authentication.

enabled

  • is required

  • cannot be null

enabled Type

boolean

enabled Default Value

The default value is:

true

limit

'limit' determines the maximum number of security keys a user can register.

limit

  • is optional

  • cannot be null

limit Type

integer

limit Default Value

The default value is:

10

user_verification

user_verification specifies the requirements regarding local authorization with an authenticator through various authorization gesture modalities; for example, through a touch plus pin code, password entry, or biometric recognition.

The setting applies to both WebAuthn registration and authentication ceremonies.

user_verification

  • is optional

  • cannot be null

user_verification Type

string

user_verification Constraints

enum: the value of this property must be equal to one of the following values:

Value Explanation
"required"
"preferred"
"discouraged"

user_verification Default Value

The default value is:

"discouraged"
Clone this wiki locally