
q5nrb (q5nrb) asked a question.
Hi,
I am fiddling with a flow where I try to identify if Google Authenticator was used as multifactor token. User Signed In is the flow trigger, but that one doesn't detail what factor was used. I've ended up using an Okta Custom API action using this call:
/api/v1/logs?since=DATE AND TIME&filter=eventType eq "user.authentication.auth_via_mfa" and target.id eq "ID"&limit=1
When I review the flow history, I do get Status Code 200 and a header - but the body is only "[]". If I replay the card, I do get the body populated with the response I am looking for. Same if I run the same in Postman. But I do not get why the response body isn't captured properly when the flow is actually running.
So, 1) is there a better way to do this? Or 2) what am I doing wrong?
FYI - I did have to update the API scopes (okta.logs.read) and reauthorize the connector before I started to get success with testing the custom API call in the flow.
Thanks,
Mads

Solved 🥳
I've solved the empty body problem. Workflows is just too fast for itself; adding a "Wait for 1 minute" card works. Speed is not of the essence here. Now I faced another challenge. We are about to flip the factor sequence, from username - pwd - mfa to username - mfa and eventual password. For Google Authenticator, password is always required. Since Okta records password sign-on events as "user.authentication.auth_via_mfa", there can be 1 to 10 entries after the actual Google Authenticator record.
So the new API call is now:
/api/v1/logs?since=DATE AND TIME&filter=eventType eq "user.authentication.auth_via_mfa" and target.id eq "ID"&limit=10
where the DATE AND TIME is the User Signed In | (Output) Date and Time - (minus) two minutes.
Then I use the JSON stringify card, and then the Text find card. It looks like this:
Did I say 🥳? 😄
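
An added example, not part of the original post: the same check done on the parsed System Log response outside Workflows, retrying while the body is still "[]" and then reading the factor field of each "user.authentication.auth_via_mfa" event for the user. It assumes the factor is reported in debugContext.debugData.factor with the value GOOGLE_AUTHENTICATOR; that value, PASSWORD_AS_FACTOR, the user ID and the sample events are constructed, and the function names are hypothetical.

```python
import time
from datetime import datetime, timedelta

MFA_EVENT = "user.authentication.auth_via_mfa"
GOOGLE_FACTOR = "GOOGLE_AUTHENTICATOR"  # assumed value; confirm in your own log events

def parse_ts(value):
    # System Log timestamps are ISO 8601 with a trailing "Z"
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def poll_logs(fetch, attempts=6, delay=10, sleep=time.sleep):
    """Call fetch() until it returns events, since the log can lag behind the sign-in."""
    for attempt in range(attempts):
        events = fetch()
        if events:
            return events
        if attempt < attempts - 1:
            sleep(delay)
    return []

def used_google_authenticator(events, user_id, signed_in_at, lookback_minutes=2):
    """True if an MFA event for user_id since (sign-in - lookback) has the Google factor."""
    since = signed_in_at - timedelta(minutes=lookback_minutes)
    for event in events:
        if event.get("eventType") != MFA_EVENT:
            continue
        if parse_ts(event["published"]) < since:
            continue
        if not any(t.get("id") == user_id for t in event.get("target") or []):
            continue
        debug_data = (event.get("debugContext") or {}).get("debugData") or {}
        if debug_data.get("factor") == GOOGLE_FACTOR:
            return True
    return False

def make_event(published, user_id, factor):
    # Constructed sample event with only the fields this check reads
    return {"eventType": MFA_EVENT, "published": published,
            "target": [{"id": user_id, "type": "User"}],
            "debugContext": {"debugData": {"factor": factor}}}

# Constructed data: one Google Authenticator record followed by password records
SIGNED_IN = parse_ts("2024-05-01T10:00:30.000Z")
SAMPLE_EVENTS = [
    make_event("2024-05-01T10:00:05.120Z", "00u_sample_user", GOOGLE_FACTOR),
    make_event("2024-05-01T10:00:20.480Z", "00u_sample_user", "PASSWORD_AS_FACTOR"),
    make_event("2024-05-01T10:00:25.900Z", "00u_sample_user", "PASSWORD_AS_FACTOR"),
]
```

Pass `poll_logs` a function that performs the /api/v1/logs request and returns the decoded JSON list; it stands in for the fixed "Wait for 1 minute" card by retrying only while the response is empty.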