Attack Protection

The Attack Protection API provides operations to configure the User Lockout Settings and the Authenticator Settings in your org to protect against password abuse.

Retrieve the authenticator settings
Identity Engine
OAuth 2.0: okta.orgs.read

Retrieves the Authenticator Settings for an org

Responses
200

OK

403

Forbidden

429

Too Many Requests

get/attack-protection/api/v1/authenticator-settings
Request samples
Response samples
application/json
[
  • {
    • "verifyKnowledgeSecondWhen2faRequired": false
    }
]

Replace the authenticator settings
Identity Engine
OAuth 2.0: okta.orgs.manage

Replaces the Authenticator Settings for an org

Request
Request Body schema: application/json
required
verifyKnowledgeSecondWhen2faRequired
boolean
Default: false

If true, requires users to verify a possession factor before verifying a knowledge factor when the assurance requires two-factor authentication (2FA).

Responses
200

OK

400

Bad Request

403

Forbidden

429

Too Many Requests

put/attack-protection/api/v1/authenticator-settings
Request samples
application/json
{
  • "verifyKnowledgeSecondWhen2faRequired": false
}
Response samples
application/json
{
  • "verifyKnowledgeSecondWhen2faRequired": false
}

Retrieve the user lockout settings
OAuth 2.0: okta.orgs.read

Retrieves the User Lockout Settings for an org

Responses
200

OK

403

Forbidden

429

Too Many Requests

get/attack-protection/api/v1/user-lockout-settings
Request samples
Response samples
application/json
[
  • {
    • "preventBruteForceLockoutFromUnknownDevices": false
    }
]

Replace the user lockout settings
OAuth 2.0: okta.orgs.manage

Replaces the User Lockout Settings for an org

Request
Request Body schema: application/json
required
preventBruteForceLockoutFromUnknownDevices
boolean
Default: false

Prevents brute-force lockout from unknown devices for the password authenticator.

Responses
200

OK

400

Bad Request

403

Forbidden

429

Too Many Requests

put/attack-protection/api/v1/user-lockout-settings
Request samples
application/json
{
  • "preventBruteForceLockoutFromUnknownDevices": false
}
Response samples
application/json
{
  • "preventBruteForceLockoutFromUnknownDevices": false
}