Configure FIDO2 as an MFA factor
Configure a policy input and a policy condition so that the Display FIDO2 as an MFA Factor Policy offers FIDO2 as an MFA factor for authentication.
Before you begin
Role required: adaptive_auth_admin
Procedure
- Navigate to All > Multi-factor Authentication > MFA Context.
- Select the MFA Factor Policies tab.
- Select the Display FIDO2 as an MFA Factor Policy.
- Select New to add Policy Inputs.
- Select the filter criteria that you want to create.
Following are the types of filter criteria:
For example, Role Filter Criteria.
- Select Role Filter Criteria, fill in the fields for the role filter criteria, and submit the record.
The new policy is created. For more information, see Role Filter Criteria.
For example, use the ITIL role for the user (andrew.och) as the policy input, and then submit.
- On the Policy - Display FIDO2 as an MFA Factor Policy page, select Policy Conditions.
- Select New to add policy conditions.
- On the form, fill in the fields.

Table 1. Condition form

| Field | Description |
| --- | --- |
| Label | Name to identify the condition. |
| Description | Description of the condition. |
| Condition | Logical combination of multiple policy inputs (filter criteria) that is used to evaluate authentication requests. Select the role-based filter criteria policy that was created for the condition. |

- Select Submit.
Based on the policy input and condition, if the user (andrew.och) tries to log in to the instance, the user is shown the FIDO screen to enroll and register.
To learn more about different configuration examples and user behaviors, see Example Configurations and User Behaviors.
- Optional: Repeat step 8 to create additional policy conditions.
Note: If you create multiple policy conditions, the final output of the access policy is the logical OR of the outputs of all the policy conditions. The policy is evaluated based on these conditions.