0cw2z (0cw2z) asked a question.
Unattended Okta MFA using Secret Key in RPA activities
Hi All,
We have Okta MFA enabled on our accounts that are used for RPA activities. We've provided the automated activities to use the secret key to generate the 6 digit code instead of push mobile notifications as this is an unattended process to login. However, our organization is increasing the level of security by randomly asking the user to confirm 1 of 3 numbers displayed on their push notifications. What would the chnage be for an unattended login perspective if the activity at the time is chosen to pick a number (to differentiate itself from a robot- the irony 🙂 )
Thanks
Hi @0cw2z (0cw2z),
Thank you for posting on the Okta community page!
I am not sure I have understood your question entirely but if no number is selected, most likely this will result in an MFA failure event in which after 5 MFA failures, the account in question will be locked out.
Additionally, I would assume that the 3 number verification challenge cannot be configured for unattended login as this challenge appears when Okta detects an unusual sign in attempt and it requires user interaction to make sure that the attempt it's not an unwanted login.
I hope the above information is useful!