Enrolling and Activating Okta Factors via API
Dec 8, 2025
Okta Classic Engine
Multi-Factor Authentication
Okta Identity Engine
Overview
This article provides guidance regarding enrolling and activating different Okta factors via API calls.
Applies To
- Admin
- API calls
- Multi-Factor Authentication (MFA)
- Factor Enrollment
Solution
In order to enroll and auto-activate a factor for a user, the following API endpoint must be used:
https://{OktaDomainName}/api/v1/users/${userId}/factors?activate=trueDepending on the factor desired to enroll and auto-activate, a different body must be used. At some level, the same API endpoint will be used, but the body will differ based on the factor:
- Email
Here is a screenshot of an example taken from Postman.{ "factorType": "email", "provider": "OKTA", "profile": { "email": "test@email.com " } }
- SMS
{ "factorType": "sms", "provider": "OKTA", "profile": { "phoneNumber": "PhoneNumberGoesHere" } } - Voice Call
{ "factorType": "call", "provider": "OKTA", "profile": { "phoneNumber": "PhoneNumberGoesHere", "phoneExtension": "PhoneExtensionGoesHere" } } - Security question
{ "factorType": "question", "provider": "OKTA", "profile": { "question": "name_of_first_plush_toy", "answer": "AnswerGoesHere" } }
NOTE: In order to get the list of the Okta Security Questions from a user, the following API endpoint must be used:
{{url}}/api/v1/users/{{userId}}/factors/questions
Related References
