MyAccount Management

The MyAccount App Authenticators API provides operations to enroll, update, and delete an app authenticator. The API also allows users to view and verify pending notification challenges. The API only supports custom authenticators. See the Custom authenticator integration guide.

The MyAccount Authenticators API provides operations to list all available authenticators and enrollments.

The MyAccount Email API provides operations to enroll, update, and delete emails. The API also provides utilities to create, view, and answer verification challenges.

Note: The Okta account management policy doesn't support the MyAccount Email API. See Configure an Okta account management policy.

The MyAccount Profile API provides operations to view the Okta apps list. Okta creates and maintains Okta apps, or first-party apps, for example, the Admin Console and End-User Dashboard.

The MyAccount Profile API provides operations to view org details.

The MyAccount Password API provides operations to enroll, update, and delete passwords.

Note: The Okta account management policy doesn't support the MyAccount Password API. See Configure an Okta account management policy.

The MyAccount Phone API provides operations to enroll, update, and delete phone numbers. The API also provides utilities to create, view, and answer verification challenges.

Note: The Okta account management policy doesn't support the MyAccount Phone API. See Configure an Okta account management policy.

The MyAccount Profile API provides operations to enroll and update profile fields. The API also allows viewing of all allowed profile fields.

The MyAccount Sessions API provides operations to manage sessions.

See sessions for more information.

The MyAccount WebAuthn API provides operations to enroll, list, and delete WebAuthn enrollments.

Note: When the Passkeys Rebrand self-service Early Access feature is enabled, the FIDO2 (WebAuthn) authenticator is called Passkeys (FIDO2 WebAuthn), and there are new settings and updates to the authenticator page layout.

See Configure the FIDO2 (WebAuthn) authenticator and settings. To enable the Passkeys Rebrand feature, see Enable self-service features.

The registration for a WebAuthn authenticator (also known as the "attestation ceremony") involves a challenge request and response. When you enroll a WebAuthn authenticator, use the following endpoints in this order:

1. Start a WebAuthn enrollment. This endpoint returns a random challenge and other data from the Relying Party (RP).
2. Create a WebAuthn enrollment. This endpoint creates and sends a signed response that contains the challenge and other data from the RP.