End-user Enrollments

The End-user Enrollments API provides operations for end users to manage their own authenticator enrollments.

Use the operations by entering a URL with the required values in your browser. For example, enter https://{yourOktaDomain}/idp/bootstrap/enroll-authenticator/{authenticatorId}?redirect_uri=https://example.com with the domain of your org and the authenticator ID you want to enroll.

Enroll an authenticator
Identity Engine

Enrolls an authenticator.

You're redirected to the authenticator enrollment page. The authenticators that you're allowed to enroll are determined by your org's authenticator enrollment policies.

After enrolling an authenticator, you're redirected to the redirect_uri. If a redirect_uri isn't set, then you're redirected to your default app. The default app can vary depending on your org. See Set up a default app redirect.

Note: If you use this API and you don't have an active session, you're prompted to sign in to your org before using it.

Request
path Parameters
authenticatorId
required
string

The id of the authenticator. Use the List all authenticators endpoint to find the authenticator ID.

Example: authw3hjmw4tHKIBU6d7
query Parameters
redirect_uri
string

Specify a redirect URI where the end user is redirected after a successful operation. If no redirect URI is specified, the end user is redirected to the default app. You must add the redirect URI as a trusted origin.

Add a redirect_uri to your URL by using a ? operator.

Example: redirect_uri=https://example.com
Responses
200

Enroll an authenticator

429

Too Many Requests

get/idp/bootstrap/enroll-authenticator/{authenticatorId}
Request samples
Response samples
application/json
{
  • "errorCode": "E0000047",
  • "errorSummary": "You exceeded the maximum number of requests. Try again in a while.",
  • "errorLink": "E0000047",
  • "errorId": "sampleQPivGUj_ND5v78vbYWW",
  • "errorCauses": [ ]
}

Unenroll an authenticator
Identity Engine

Unenrolls an authenticator.

After you unenroll an authenticator, you're redirected to the redirect_uri. If a redirect_uri isn't set, then you're redirected to your default app. The default app can vary depending on your org. See Set up a default app redirect.

Note: If you use this API and you don't have an active session, you're prompted to sign in to your org before using it.

Request
path Parameters
enrollmentId
required
string

The id of the authenticator enrollment. Use the List all enrollments endpoint to find the enrollment ID.

Example: opfhw7iuh7Gxke4Zq5d7
query Parameters
redirect_uri
string

Specify a redirect URI where the end user is redirected after a successful operation. If no redirect URI is specified, the end user is redirected to the default app. You must add the redirect URI as a trusted origin.

Add a redirect_uri to your URL by using a ? operator.

Example: redirect_uri=https://example.com
Responses
200

Unenroll an authenticator

429

Too Many Requests

get/idp/bootstrap/unenroll-authenticator/{enrollmentId}
Request samples
Response samples
application/json
{
  • "errorCode": "E0000047",
  • "errorSummary": "You exceeded the maximum number of requests. Try again in a while.",
  • "errorLink": "E0000047",
  • "errorId": "sampleQPivGUj_ND5v78vbYWW",
  • "errorCauses": [ ]
}