...
Policy Name | Description | Value |
|---|---|---|
SecondFactorOnlyCredentialPolicyRule | A list of authenticators based on their Authenticator Attestation GUID (AAGUID) that can only be used for second-factor authentication, and will be rejected if used as a sole factor of authentication. For example, even if they signalled Even if the authenticator indicates User Verification during authentication, they the credential can still be excluded. Potentially helpful for excluding This is potentially useful for omitting untrusted software authenticators. | The comma-separated list of authenticators can be directly specified in the XML configuration or, for convenience, set by the idp.authn.webauthn.authenticator.policy.secondFactorOnlyAuthenticators property. |
...