Note: In proxy model architectures, where a server-side app using the embedded SDK is used as a proxy between client apps and Okta servers, a request context for the client apps is required. Security enforcement is expected to be based on the client request context's IP address and user agent.
However, since these values are currently being derived from the server app rather than the client, this enforcement isn't available. As a result, network zones or behaviors that drive their conditions based on these request context values (geolocation, IP Address, or user agent) won't work until Okta can find a solution to the issue.
Enable a password and email sign-in flow in your app using the embedded SDK.
Learning outcomes
Configure your Okta org to use the email authenticator.
Challenge a user's identity with password and email factors.
With the embedded SDK, your app can verify a user's identity using a password and then the email authenticator. The email authenticator can complete its verification using
, a one-time passcode (OTP), or a combination of both.