diff --git a/tf-stage2/keycloak.tf b/tf-stage2/keycloak.tf
index 584122867e96e7b585440b610a81db33d9268edb..71831a39776969b67a3aae4d74de5558e6d88bfa 100644
--- a/tf-stage2/keycloak.tf
+++ b/tf-stage2/keycloak.tf
@@ -58,11 +58,12 @@ resource "keycloak_realm" "archlinux" {
 verify_email = true
 login_with_email_allowed = true
 password_policy = "length(8) and notUsername"
- // TODO: WebAuthn policy
- // https://github.com/mrparkers/terraform-provider-keycloak/issues/355
- // "Relying Party Entity Name": "Arch Linux SSO"
- // "Relying Party ID": "accounts.archlinux.org"
- // "Signature Algorithms": "ES256, ES384, ES512"
+
+ web_authn_policy {
+ relying_party_entity_name = "Arch Linux SSO"
+ relying_party_id = "accounts.archlinux.org"
+ signature_algorithms = ["ES256", "RS256", "ES512"]
+ }
 login_theme = "archlinux"
 account_theme = "archlinux"
@@ -108,8 +109,12 @@ resource "keycloak_realm" "archlinux" {
 }
 }
-// TODO: Register webauthn-register required action
-// https://github.com/mrparkers/terraform-provider-keycloak/issues/354
+resource "keycloak_required_action" "required_action" {
+ realm_id = "archlinux"
+ alias = "webauthn-register"
+ enabled = true
+ name = "Webauthn Register"
+}
 resource "keycloak_realm_events" "realm_events" {
 realm_id = "archlinux"
diff --git a/tf-stage2/versions.tf b/tf-stage2/versions.tf
index 406aa7c550239367bd39e5b7126908fa1855f5be..aa545e7b82cdecc7564b6f19ee5a115bdc0ebc31 100644
--- a/tf-stage2/versions.tf
+++ b/tf-stage2/versions.tf
@@ -5,7 +5,7 @@ terraform {
 }
 keycloak = {
 source = "mrparkers/keycloak"
- version = "2.0.0-rc.0"
+ version = "2.0.0"
 }
 }
 required_version = ">= 0.13"
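Review bot: In the first keycloak.tf hunk, `signature_algorithms = ["ES256", "RS256", "ES512"]` does not match the list recorded in the TODO it replaces ("ES256, ES384, ES512"): ES384 is dropped and RS256 is introduced, and nothing on the page says why. If RS256 is there for authenticators that only offer RSA keys, which is presumably the reason, a one-line comment above the attribute such as `// RS256 added for authenticators without ECDSA support; ES384 dropped deliberately` would keep the next reader from "fixing" it back. The block also sets only three attributes, so user verification and attestation handling fall back to provider defaults. Setting `user_verification_requirement` and `attestation_conveyance_preference` explicitly would make the realm's authenticator policy reviewable in this file. The enclosing `keycloak_realm` resource starts and ends outside the hunk.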
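Review bot: In the second keycloak.tf hunk, the new `keycloak_required_action` uses the string literal `realm_id = "archlinux"`, so Terraform sees no dependency on the realm resource and a fresh apply may attempt the action before the realm exists; `realm_id = keycloak_realm.archlinux.id` makes the ordering explicit. The `keycloak_realm_events` context lines below use the same literal, so this may be file convention, but the ordering gap applies there too. `default_action` is not set, so as written registration is offered but (by the provider default, as far as I can tell) not imposed on new accounts. If enrolment is meant to be mandatory, add `default_action = true`; if it is meant to be opt-in, a comment saying so would settle the question. The resource label `required_action` is also generic; `webauthn_register` would leave room for further required actions.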