Attack Protection

The Attack Protection API provides operations to configure the User Lockout Settings and the Authenticator Settings in your org to protect against password abuse.

Retrieve the authenticator settings
Identity Engine
OAuth 2.0:
okta.orgs.read

Retrieves the Authenticator Settings for an org

Responses

200

403

Forbidden

429

Too Many Requests

get/attack-protection/api/v1/authenticator-settings

Request samples

Response samples

application/json

[{"verifyKnowledgeSecondWhen2faRequired": false
}
]

Replace the authenticator settings
Identity Engine
OAuth 2.0:
okta.orgs.manage

Replaces the Authenticator Settings for an org

Request

Request Body schema: application/json
required

verifyKnowledgeSecondWhen2faRequired

boolean

Default: false

If true, requires users to verify a possession factor before verifying a knowledge factor when the assurance requires two-factor authentication (2FA).

Responses

200

400

Bad Request

403

Forbidden

429

Too Many Requests

put/attack-protection/api/v1/authenticator-settings

Request samples

application/json

{"verifyKnowledgeSecondWhen2faRequired": false
}

Response samples

application/json

{"verifyKnowledgeSecondWhen2faRequired": false
}

Retrieve the user lockout settings
OAuth 2.0:
okta.orgs.read

Retrieves the User Lockout Settings for an org

Responses

200

403

Forbidden

429

Too Many Requests

get/attack-protection/api/v1/user-lockout-settings

Request samples

Response samples

application/json

[{"preventBruteForceLockoutFromUnknownDevices": false
}
]

Replace the user lockout settings
OAuth 2.0:
okta.orgs.manage

Replaces the User Lockout Settings for an org

Request

Request Body schema: application/json
required

preventBruteForceLockoutFromUnknownDevices

boolean

Default: false

Prevents brute-force lockout from unknown devices for the password authenticator.

Responses

200

400

Bad Request

403

Forbidden

429

Too Many Requests

put/attack-protection/api/v1/user-lockout-settings

Request samples

application/json

{"preventBruteForceLockoutFromUnknownDevices": false
}

Response samples

application/json

{"preventBruteForceLockoutFromUnknownDevices": false
}

Social
CONTACT & LEGAL
MORE INFORMATION
okta.com
Products, case studies, resources
Help Center
Knowledgebase, roadmaps, and more
Trust
System status, security, compliance

Attack Protection

Retrieve the authenticator settingsIdentity EngineOAuth 2.0: okta.orgs.read

Replace the authenticator settingsIdentity EngineOAuth 2.0: okta.orgs.manage

Request Body schema: application/jsonrequired

Retrieve the user lockout settingsOAuth 2.0: okta.orgs.read

Replace the user lockout settingsOAuth 2.0: okta.orgs.manage

Request Body schema: application/jsonrequired

Retrieve the authenticator settings
Identity Engine
OAuth 2.0:
okta.orgs.read

Replace the authenticator settings
Identity Engine
OAuth 2.0:
okta.orgs.manage

Request Body schema: application/json
required

Retrieve the user lockout settings
OAuth 2.0:
okta.orgs.read

Replace the user lockout settings
OAuth 2.0:
okta.orgs.manage

Request Body schema: application/json
required