Okta Verify OTP is enabled by default on Okta Identity Engine (OIE) tenants and cannot be disabled, and Factor Sequencing is not supported on OIE. To remove Okta Verify OTP (code) for a user without removing Okta Verify Push, an API call can be run.
- Okta Identity Engine (OIE)
- Multi-Factor Authentication (MFA)
- Okta Verify OTP
There is no option to remove Okta Verify OTP from the User Interface (UI). Removing it requires setting up Postman, or any other application that can make API calls, together with the User API collection and the Factors API collection.
Before running an API Call: When users log in, they see two options for Okta Verify: one to get a push notification and one to enter a code.
- First, the user ID is needed to delete a factor for a user. This can be seen in the user profile URL or with a GET User API call.
- With the user ID, make a List Factors API call for that user to obtain the OTP factor ID.
- The response from List Factors shows all the factors enrolled for that user. The ID for the Okta Verify OTP is the one above "factorType": "token:software:totp".
- With the user ID and the factor ID, make a Delete API call for that factor for that user.
Now, log in to the Okta Org OIE Tenant.
After running an API Call, it should automatically prompt with Okta Verify Push.
Okta System Log would show a successful removal of Okta Verify OTP.
NOTE: If an admin resets the MFA, the Okta Verify OTP will be enabled again.
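The List Factors and Delete Factor calls described above, scripted as an added example (not Okta's code and not part of the original article). The org URL, API token and all IDs are placeholders. The provider check (Google Authenticator also enrolls as token:software:totp) and the refusal to delete when Okta Verify Push is not enrolled are safeguards assumed here, not steps from the article.

```python
import json
import urllib.request

# Constructed sample of a List Factors response; the IDs are made up.
SAMPLE_FACTORS = [
    {"id": "opfEXAMPLEpush", "factorType": "push", "provider": "OKTA"},
    {"id": "ostEXAMPLEtotp", "factorType": "token:software:totp", "provider": "OKTA"},
    {"id": "ufsEXAMPLEgoog", "factorType": "token:software:totp", "provider": "GOOGLE"},
]


def okta_call(method, url, api_token):
    """Send one request to the Okta API; return parsed JSON, or None for an empty body."""
    req = urllib.request.Request(url, method=method, headers={
        "Authorization": f"SSWS {api_token}",
        "Accept": "application/json",
    })
    with urllib.request.urlopen(req) as resp:
        body = resp.read()
    return json.loads(body) if body else None


def pick_okta_verify_totp(factors):
    """Return the Okta Verify OTP factor ID, or None if it is not enrolled."""
    def is_okta(f, factor_type):
        return f.get("provider") == "OKTA" and f.get("factorType") == factor_type

    # Safeguard (assumption): never strip OTP from a user who has no Push factor.
    if not any(is_okta(f, "push") for f in factors):
        raise RuntimeError("Okta Verify Push is not enrolled; refusing to remove OTP")
    for f in factors:
        if is_okta(f, "token:software:totp"):
            return f["id"]
    return None


def remove_okta_verify_totp(org_url, api_token, user_id, call=okta_call):
    """List the user's factors, then delete only the Okta Verify OTP factor."""
    base = f"{org_url}/api/v1/users/{user_id}/factors"
    factor_id = pick_okta_verify_totp(call("GET", base, api_token))
    if factor_id is not None:
        call("DELETE", f"{base}/{factor_id}", api_token)
    return factor_id
```

Because an admin MFA reset re-enables Okta Verify OTP, the script is safe to re-run for the same user: it returns None and sends no DELETE when the OTP factor is already gone.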
