When attempting to direct a user to a specific URL to enroll in an authenticator, the user is redirected to the login page to authenticate first. Upon successful authentication, the original from URI is lost, and the user is redirected to the Okta Dashboard instead of the intended authenticator enrollment page.
- Okta Identity Engine (OIE)
- Multi-Factor Authentication (MFA) Enrollment
- End-user Enrollments API
The direct link provided to the user does not persist the destination context through the authentication flow. Consequently, the redirection logic defaults to the Okta Dashboard after the user signs in.
To ensure the user returns to the enrollment flow after authentication, use the End-user Enrollments API bootstrap operation. This allows end users to manage their own enrollments by entering a constructed URL in their browser.
-
Construct a URL using the following format:
https://{OktaDomainName}/idp/bootstrap/enroll-authenticator/{authenticatorId}?redirect_uri={redirectURL} -
Replace the placeholders with the required values:
-
- {OktaDomainName}: The domain of the Okta organization.
- {authenticatorId}: The ID of the specific authenticator the user needs to enroll.
- {redirectURL}: The full URL where the user should be sent after enrollment is complete (for example,
https://example.com).
-
Provide the final URL to the end user. When they enter this in their browser, they will be guided through authentication and correctly land on the enrollment page.
