The Factors API provides operations to enroll, manage, and verify factors for multifactor authentication (MFA). Manage both administration and end-user accounts, or verify an individual factor at any time.
okta.users.read
Lists all enrolled Factors for the specified user
Success
Forbidden
Not Found
Too Many Requests
[- {
- "created": "2019-08-24T14:15:22Z",
- "factorType": "call",
- "id": "string",
- "lastUpdated": "2019-08-24T14:15:22Z",
- "profile": { },
- "provider": "CUSTOM",
- "status": "ACTIVE",
- "vendorName": "OKTA",
- "_embedded": {
- "property1": { },
- "property2": { }
}, - "_links": {
- "self": {
- "hints": {
- "allow": [
- "DELETE"
]
}, - "href": "string",
- "name": "string",
- "type": "string"
}
}
}
]
okta.users.manage
Enrolls a supported Factor for the specified user
updatePhone | boolean Default: false If |
templateId | string ID of an existing custom SMS template. See the SMS Templates API. Only used by Example: templateId=cstk2flOtuCMDJK4b0g3 |
tokenLifetimeSeconds | integer <int32> [ 1 .. 86400 ] Default: 300 Defines how long the token remains valid |
activate | boolean Default: false If |
Factor
factorType | string (UserFactorType) Type of Factor | ||||
object Specific attributes related to the Factor | |||||
| |||||
provider | string (UserFactorProvider) Provider for the Factor | ||||
status | string (UserFactorStatus) Status of the Factor |
Success
Bad Request
Forbidden
Not Found
Too Many Requests
{- "factorType": "call",
- "profile": {
- "phoneExtension": "string",
- "phoneNumber": "+15554151337"
}, - "provider": "CUSTOM",
- "status": "ACTIVE"
}
{- "created": "2019-08-24T14:15:22Z",
- "factorType": "call",
- "id": "string",
- "lastUpdated": "2019-08-24T14:15:22Z",
- "profile": {
- "phoneExtension": "string",
- "phoneNumber": "+15554151337"
}, - "provider": "CUSTOM",
- "status": "ACTIVE",
- "vendorName": "OKTA",
- "_embedded": {
- "property1": { },
- "property2": { }
}, - "_links": {
- "self": {
- "hints": {
- "allow": [
- "DELETE"
]
}, - "href": "string",
- "name": "string",
- "type": "string"
}
}
}
okta.users.read
Lists all the supported Factors that can be enrolled for the specified user
Success
Forbidden
Not Found
Too Many Requests
[- {
- "created": "2019-08-24T14:15:22Z",
- "factorType": "call",
- "id": "string",
- "lastUpdated": "2019-08-24T14:15:22Z",
- "profile": { },
- "provider": "CUSTOM",
- "status": "ACTIVE",
- "vendorName": "OKTA",
- "_embedded": {
- "property1": { },
- "property2": { }
}, - "_links": {
- "self": {
- "hints": {
- "allow": [
- "DELETE"
]
}, - "href": "string",
- "name": "string",
- "type": "string"
}
}
}
]
Lists all available Security Questions for the specified user
Success
Forbidden
Not Found
Too Many Requests
[- {
- "question": "disliked_food",
- "questionText": "What is the food you least liked as a child?"
}, - {
- "question": "name_of_first_plush_toy",
- "questionText": "What is the name of your first stuffed animal?"
}, - {
- "question": "first_award",
- "questionText": "What did you earn your first medal or award for?"
}
]
okta.users.read
Retrieves an existing Factor for the specified user
Success
Forbidden
Not Found
Too Many Requests
{- "created": "2019-08-24T14:15:22Z",
- "factorType": "call",
- "id": "string",
- "lastUpdated": "2019-08-24T14:15:22Z",
- "profile": {
- "phoneExtension": "string",
- "phoneNumber": "+15554151337"
}, - "provider": "CUSTOM",
- "status": "ACTIVE",
- "vendorName": "OKTA",
- "_embedded": {
- "property1": { },
- "property2": { }
}, - "_links": {
- "self": {
- "hints": {
- "allow": [
- "DELETE"
]
}, - "href": "string",
- "name": "string",
- "type": "string"
}
}
}
okta.users.manage
Unenrolls an existing Factor for the specified user. This allows the user to enroll a new Factor.
Note: If you unenroll the
push
or thesigned_nonce
Factors, Okta also unenrolls any othertotp
,signed_nonce
, or Okta Verifypush
Factors associated with the user.
No Content
Forbidden
Not Found
Too Many Requests
{- "errorCode": "E0000006",
- "errorSummary": "You do not have permission to perform the requested action",
- "errorLink": "E0000006",
- "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
- "errorCauses": [ ]
}
okta.users.manage
Activates a Factor. The sms
and token:software:totp
factor types require activation to complete the enrollment process.
Okta enforces a rate limit of five activation attempts within five minutes. After a user exceeds the rate limit, Okta returns an error message.
Success
Bad Request
Forbidden
Not Found
Too Many Requests
{- "attestation": "string",
- "clientData": "string",
- "passCode": "string",
- "registrationData": "string",
- "stateToken": "string"
}
{- "created": "2019-08-24T14:15:22Z",
- "factorType": "call",
- "id": "string",
- "lastUpdated": "2019-08-24T14:15:22Z",
- "profile": {
- "phoneExtension": "string",
- "phoneNumber": "+15554151337"
}, - "provider": "CUSTOM",
- "status": "ACTIVE",
- "vendorName": "OKTA",
- "_embedded": {
- "property1": { },
- "property2": { }
}, - "_links": {
- "self": {
- "hints": {
- "allow": [
- "DELETE"
]
}, - "href": "string",
- "name": "string",
- "type": "string"
}
}
}
okta.users.manage
Resends an sms
, call
, or email
factor challenge as part of an enrollment flow.
For call
and sms
factors, Okta enforces a rate limit of one OTP challenge per device every 30 seconds. You can configure your sms
and call
factors to use a third-party telephony provider. See the Telephony inline hook reference. Okta round-robins between SMS providers with every resend request to help ensure delivery of an SMS and Call OTPs across different carriers.
Note: Resend operations aren't allowed after a factor exceeds the activation rate limit. See Activate a Factor.
templateId | string ID of an existing custom SMS template. See the SMS Templates API. Only used by Example: templateId=cstk2flOtuCMDJK4b0g3 |
factorType | string (UserFactorType) Type of Factor | ||||
object Specific attributes related to the Factor | |||||
| |||||
provider | string (UserFactorProvider) Provider for the Factor | ||||
status | string (UserFactorStatus) Status of the Factor |
Success
Bad Request
Forbidden
Not Found
Too Many Requests
{- "factorType": "call",
- "profile": {
- "phoneExtension": "string",
- "phoneNumber": "+15554151337"
}, - "provider": "CUSTOM",
- "status": "ACTIVE"
}
{- "created": "2019-08-24T14:15:22Z",
- "factorType": "call",
- "id": "string",
- "lastUpdated": "2019-08-24T14:15:22Z",
- "profile": {
- "phoneExtension": "string",
- "phoneNumber": "+15554151337"
}, - "provider": "CUSTOM",
- "status": "ACTIVE",
- "vendorName": "OKTA",
- "_embedded": {
- "property1": { },
- "property2": { }
}, - "_links": {
- "self": {
- "hints": {
- "allow": [
- "DELETE"
]
}, - "href": "string",
- "name": "string",
- "type": "string"
}
}
}
okta.users.read
Retrieves the status of a push
Factor verification transaction
Success
Forbidden
Not Found
Too Many Requests
{- "expiresAt": "2019-08-24T14:15:22Z",
- "factorResult": "CHALLENGE",
- "factorResultMessage": "string",
- "_embedded": {
- "property1": { },
- "property2": { }
}, - "_links": {
- "self": {
- "hints": {
- "allow": [
- "DELETE"
]
}, - "href": "string",
- "name": "string",
- "type": "string"
}
}
}
okta.users.manage
Verifies an OTP for a Factor. Some Factors (call
, email
, push
, sms
, u2f
, and webauthn
) require Okta to issue a challenge to initiate the transaction. Do this by making a request without a body. After a challenge is issued, make another request to verify the Factor.
Note: To verify a push
factor, use the poll link returned when you issue the challenge. See Retrieve a Factor Transaction Status.
templateId | string ID of an existing custom SMS template. See the SMS Templates API. Only used by Example: templateId=cstk2flOtuCMDJK4b0g3 |
tokenLifetimeSeconds | integer <int32> [ 1 .. 86400 ] Default: 300 Defines how long the token remains valid |
Success
Bad Request
Forbidden
Not Found
Too Many Requests
{- "activationToken": "string",
- "answer": "string",
- "attestation": "string",
- "clientData": "string",
- "nextPassCode": 3956685498,
- "passCode": "string",
- "registrationData": "string",
- "stateToken": "string"
}
{- "expiresAt": "2019-08-24T14:15:22Z",
- "factorResult": "CHALLENGE",
- "factorResultMessage": "string",
- "_embedded": {
- "property1": { },
- "property2": { }
}, - "_links": {
- "self": {
- "hints": {
- "allow": [
- "DELETE"
]
}, - "href": "string",
- "name": "string",
- "type": "string"
}
}
}