Updating the Identity Provider Policy

  1. Navigate to the relevant OCI IAM Identity Domain and go to the Federation tab. Scroll down to Identity Provider Policies.
  2. Click the Default Identity Provider policy.
  3. On the policy page, click the Identity provider rules tab and then click Add IdP rule.
  4. Provide a name for the rule, for example, Passwordless AuthN Rule.
  5. Under Assign Identity Providers, select Fido Authenticator and/or other authenticating factors as needed. Keep Username-Password disabled in this rule.
  6. Under Groups, click the Actions menu and select Add. Choose the group for which you want to enable passwordless configuration and click Add.

    Note:

    In this configuration example, passwordless authentication is enabled for all users who are added to the designated group. Alternatively, you can enable passwordless authentication for all users rather than using a group-based approach. When a group is selected in the step above, only the users in that group are affected; if no group is selected, passwordless authentication applies to all users in the OCI IAM Identity Domain.

  7. Click Add IdP rule.
  8. On the Identity provider rules page, click the Actions menu and select Edit IdP rules priority.
  9. Set the priority to "1" for the Passwordless AuthN Rule.
  10. Click Save Changes.

    Note:

    If you have chosen any Authenticating Identity Providers in the sign-on rules of the Default Sign-on policy, make sure you also select FIDO and any other required authentication factors in that policy.

    If you have not selected any Authenticating Identity Providers, all authentication factors, including FIDO, are automatically included by default, so no additional selection is required.
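The following is an added example, not Oracle's code, that models how the IdP rules configured in the steps above are evaluated, so you can see why the rule priority and the group selection matter. It assumes a simplified data model (rules walked in ascending priority, first group match wins, an empty group list meaning "all users"); the rule names, the group name "Passwordless Users" and the lint checks are constructed for illustration and are not the OCI Identity Domains API.

```python
# Added example (not Oracle's code): a constructed model of how the IdP rules
# configured above are evaluated. Assumption: the identity domain walks the
# rules in ascending priority order and applies the first one whose group
# condition matches the user; an empty group set means "all users".
from dataclasses import dataclass

PASSWORD = "Username-Password"
FIDO = "Fido Authenticator"


@dataclass(frozen=True)
class IdpRule:
    name: str
    priority: int
    identity_providers: frozenset  # identity providers assigned to the rule
    groups: frozenset = frozenset()  # empty: rule applies to every user


def applicable_rule(rules, user_groups):
    """Return the first rule, by priority, whose groups match the user."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if not rule.groups or rule.groups & frozenset(user_groups):
            return rule
    return None


def check_passwordless_rule(rule):
    """Lint a rule against the steps above; an empty list means it matches them."""
    findings = []
    if PASSWORD in rule.identity_providers:
        findings.append("Username-Password must stay disabled in this rule")
    if FIDO not in rule.identity_providers:
        findings.append("Fido Authenticator is not assigned")
    if rule.priority != 1:
        findings.append("rule is not priority 1, so another rule can win first")
    if not rule.groups:
        findings.append("no group selected: rule applies to all users in the domain")
    return findings


# Constructed policy: the domain's existing default rule plus the new rule.
DEFAULT_RULE = IdpRule("Default IdP Rule", 2, frozenset({PASSWORD, FIDO}))
PASSWORDLESS_RULE = IdpRule("Passwordless AuthN Rule", 1, frozenset({FIDO}),
                            frozenset({"Passwordless Users"}))
POLICY = [DEFAULT_RULE, PASSWORDLESS_RULE]

if __name__ == "__main__":
    print(applicable_rule(POLICY, ["Passwordless Users"]).name)  # Passwordless AuthN Rule
    print(applicable_rule(POLICY, ["Finance"]).name)             # Default IdP Rule
    print(check_passwordless_rule(PASSWORDLESS_RULE))            # []
```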