Okta Email Authenticator Resend Prompt Timer Behavior
Last Updated:
Overview
The Okta-hosted Sign-In Widget enforces a 30-second cooldown period before displaying the prompt to resend an Email Authenticator One-Time Password (OTP). To customize this behavior, administrators must implement a programmatic solution using the Factors API or deploy a self-hosted Sign-In Widget. Users observe that the prompt to resend the email OTP only becomes available after 30 seconds if the initial OTP remains unentered.
Applies To
- Okta Identity Engine (OIE)
- Okta Classic Engine
- Okta-hosted Sign-In Widget
- Self-hosted Sign-In Widget
- Multi-factor Authentication (MFA)
- Email Authenticator
Cause
Why is there a delay before resending the email OTP?
The Okta-hosted Sign-In Widget configuration enforces a strict 30-second cooldown period for sending new OTP requests. This mechanism prevents customization of the default timer within the hosted widget.
Solution
How can the email OTP resend timer be customized?
The default timer lacks direct customization options. Choose one of the following methods to modify the resend behavior:
-
Integrate a self-hosted version of the Sign-In Widget.
-
Develop a programmatic solution utilizing the Factors API.
The API endpoint imposes a strict minimum limit of 5 seconds between requests. Submit verification requests using the following endpoint:
<url>/api/v1/users/<userId>/factors/<factorId>/verify
Ensure the replacement of the <factorId> variable with the correct email authenticator factor ID.
