The device authentication policy settings endpoints provide the ability to configure different settings per MFA authentication method, according to your security policies.

Device authentication policy data model

| Parameter | Type | Mutability | Description |
| --- | --- | --- | --- |
| environment | Reference | Immutable | Reference to the environment. |
| id | UUID | Immutable | Authenticating device’s UUID. |
| name | String | Immutable | Device authentication policy’s name. |
| sms | Offline device (SMS, voice, email) authentication policy data model | | SMS device authentication policy settings. |
| voice | Offline device (SMS, voice, email) authentication policy data model | | Voice device authentication policy settings. |
| email | Offline device (SMS, voice, email) authentication policy data model | | Email device authentication policy settings. |
| mobile | Mobile authentication policy data model | | Mobile device authentication policy settings. |
| totp | TOTP authentication policy data model | | TOTP device authentication policy settings. |
| securityKey.enabled | Boolean | | Security key: enabled or disabled in the policy. |
| platform.enabled | Boolean | | FIDO2 biometrics: enabled or disabled in the policy. |
| default | Boolean | Mutable | The default policy for Flow Manager. |
| forSignOnPolicy | Boolean | Mutable | Relevant to sign on policy backed flows. |
| updatedAt | Date | Immutable | Resource’s last update date. |

Offline device (SMS, voice, email) authentication policy data model

| Parameter | Type | Mutability | Description |
| --- | --- | --- | --- |
| enabled | Boolean | | Enabled or disabled in the policy. |
| otp.lifetime.duration | Long | Mutable | The duration (number of time units) that the passcode is valid before it expires. |
| otp.lifetime.timeUnit | TimeUnit | Mutable | The type of time unit for otp.lifetime.duration. Valid values: MINUTES, SECONDS. |
| otp.failure.count | Integer | Mutable | The maximum number of times that the OTP entry can fail for a user, before they are blocked. |
| otp.failure.coolDown.duration | Long | Mutable | The duration (number of time units) the user is blocked after reaching the maximum number of passcode failures. |
| otp.failure.coolDown.timeUnit | TimeUnit | Mutable | The type of time unit for otp.failure.coolDown.duration. Valid values: MINUTES, SECONDS. |

Mobile device authentication policy data model

| Parameter | Type | Mutability | Description |
| --- | --- | --- | --- |
| enabled | Boolean | | Enabled or disabled in the policy. |
| otp.window.stepSize.duration | Long | Mutable | The duration (number of time units) the user is blocked after reaching the maximum number of passcode failures. |
| otp.window.stepSize.timeUnit | TimeUnit | Mutable | The type of time unit for otp.window.stepSize.duration. Valid values: MINUTES, SECONDS. |
| otp.window.failure.count | Integer | Mutable | The maximum number of times that the OTP entry can fail for a user, before they are blocked. |
| otp.window.failure.coolDown.duration | Long | Mutable | The duration (number of time units) the user is blocked after reaching the maximum number of passcode failures. |
| otp.window.failure.coolDown.timeUnit | TimeUnit | Mutable | The type of time unit for otp.window.failure.coolDown.duration. Valid values: MINUTES, SECONDS. |

TOTP device authentication policy data model

| Parameter | Type | Mutability | Description |
| --- | --- | --- | --- |
| enabled | Boolean | | Enabled or disabled in the policy. |
| otp.failure.count | Integer | Mutable | The maximum number of times that the OTP entry can fail for a user, before they are blocked. |
| otp.failure.coolDown.duration | Long | Mutable | The duration (number of time units) the user is blocked after reaching the maximum number of passcode failures. |
| otp.failure.coolDown.timeUnit | TimeUnit | Mutable | The type of time unit for otp.failure.coolDown.duration. Valid values: MINUTES, SECONDS. |
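
The following is an added example, not part of the product documentation: a small audit that walks a policy document shaped like the data models above and flags weak OTP lockout and lifetime settings per method. The nested JSON layout (derived from the dotted parameter names), the `SAMPLE_POLICY` values, and the three threshold constants are assumptions, not product defaults.

```python
UNIT_SECONDS = {"SECONDS": 1, "MINUTES": 60}  # the two valid TimeUnit values
# Assumed baseline, not product defaults: tune to your own security policy.
MAX_OTP_LIFETIME_S = 600  # offline passcode valid for at most 10 minutes
MAX_FAILURES = 5          # failed entries allowed before the user is blocked
MIN_COOLDOWN_S = 120      # a block lasts at least 2 minutes

def to_seconds(node, path):
    """Convert a {duration, timeUnit} pair to seconds, rejecting bad units."""
    unit = node.get("timeUnit")
    if unit not in UNIT_SECONDS:
        raise ValueError(f"{path}.timeUnit must be MINUTES or SECONDS, got {unit!r}")
    return int(node["duration"]) * UNIT_SECONDS[unit]

def audit_policy(policy):
    """Return findings for every enabled OTP-based method in the policy."""
    findings = []
    for method in ("sms", "voice", "email", "mobile", "totp"):
        cfg = policy.get(method) or {}
        if not cfg.get("enabled"):
            continue
        otp = cfg.get("otp") or {}
        # Mobile keeps failure settings under otp.window, the others under otp.
        scope = (otp.get("window") or {}) if method == "mobile" else otp
        prefix = "otp.window.failure" if method == "mobile" else "otp.failure"
        failure = scope.get("failure") or {}
        try:
            count = failure.get("count")
            if count is None or count > MAX_FAILURES:
                findings.append(f"{method}: {prefix}.count={count}, want <= {MAX_FAILURES}")
            cooldown = to_seconds(failure.get("coolDown") or {}, f"{prefix}.coolDown")
            if cooldown < MIN_COOLDOWN_S:
                findings.append(f"{method}: {prefix}.coolDown={cooldown}s, want >= {MIN_COOLDOWN_S}s")
            if method in ("sms", "voice", "email"):  # only offline devices have otp.lifetime
                lifetime = to_seconds(otp.get("lifetime") or {}, "otp.lifetime")
                if lifetime > MAX_OTP_LIFETIME_S:
                    findings.append(f"{method}: otp.lifetime={lifetime}s, want <= {MAX_OTP_LIFETIME_S}s")
        except (ValueError, KeyError, TypeError) as exc:
            findings.append(f"{method}: invalid setting ({exc})")
    return findings

SAMPLE_POLICY = {  # constructed input, nested from the dotted parameter names
    "sms": {"enabled": True, "otp": {
        "lifetime": {"duration": 30, "timeUnit": "MINUTES"},
        "failure": {"count": 3, "coolDown": {"duration": 0, "timeUnit": "SECONDS"}}}},
    "email": {"enabled": False},
    "mobile": {"enabled": True, "otp": {"window": {
        "failure": {"count": 10, "coolDown": {"duration": 2, "timeUnit": "MINUTES"}}}}},
    "totp": {"enabled": True, "otp": {
        "failure": {"count": 3, "coolDown": {"duration": 5, "timeUnit": "HOURS"}}}},
}
```

Calling `audit_policy(SAMPLE_POLICY)` reports the zero-length SMS cooldown, the 30-minute SMS passcode lifetime, the mobile failure count of 10, and the TOTP `timeUnit` that is neither MINUTES nor SECONDS.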