Okta Classic Engine | Multi-Factor Authentication | Answered | 2025-12-27T09:02:23.000Z | 2022-09-29T08:50:53.000Z | 2022-10-03T06:53:32.000Z

d9gyy (d9gyy) asked a question.

Keep getting MFA_Enroll when trying to authenticate a user

Hello,

I am a newbie on Okta, and I am struggling with Multifactor authentication and the sequence of API I need to trigger to achieve it.

 

My goal is simple, enforce MFA with password and OTP sent by email, leveraging the APIs.

I have defined a global policy for a particular user group, to authenticate with password + 1 factor.

 

I create a user with the appropriate profile.

I enroll an Email Factor for him with the corresponding API, and the result is ACTIVE.

First question: I haven't found a way to activate the factor by receiving an OTP by email and then verifying it; it's ACTIVE by default.

 

I call the primary authenticate API, and get the MFA_ENROLL status and a stateToken.

I don't understand why I get this status since I already enrolled a factor for the user. I would expect MFA_REQUIRED.

I call the verify API for Okta to send the OTP by email, which I receive in my mailbox.

I call the verify API to validate the OTP after copying/pasting it, and I receive "factorResult": "SUCCESS", but no sessionToken.

When I call the {{url}}/api/v1/authn with the first stateToken I received from the primary authentication, the status is still MFA_ENROLL, and I don't get any sessionToken.

 

My question is quite basic, I think: what sequence of APIs do I need to trigger to authenticate a user with password and OTP, to get a complete transaction and a session token?

 

Thanks!

 


  • User16594883467582706479 (Customer Support Online Experience)

    Hi, @d9gyy (d9gyy)​ 

     

    Thank you for posting on our Community page and welcome to OKTA!

     

    I did some research and found some articles that might help with your use case:

     

    Hope this helps!

     

    Thank you for reaching out to our Community and have a great day!

     

    • d9gyy (d9gyy)

      Hello,

      I am sorry but your answer does not help, I had already reviewed all those pages before asking my question.
      The documentation of Okta is very good, but:
      1 – it seems to refer to a previous version of Okta, since lots of the screen and menu indications are outdated.
      2 – the flat list of APIs is described, and the Postman projects are available per family, which is very very very good. But there are no descriptions related to how to orchestrate them, and that is precisely my question. My goal is to execute this workflow using APIs :
      1 – User signs-up with login, email and password.
      2 – An account is created, but not yet activated. An email is sent to the user with an activation link.
      3 – Once the user clicks on the link, the account is activated.

      Unfortunately I have to implement this with APIs, because there are other API calls to other systems to verify that the user is allowed to create an account.
      Can you help by detailing the exact sequence of APIs I need to trigger for implementing this case?

      Thanks and regards,
      Joel Bloch
This question is closed.
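
An added example, not part of the thread and not Okta's code: a client loop for the Classic Engine Authentication API transaction the question describes (password, then email OTP), in which every verify call carries the `stateToken` to `/api/v1/authn/factors/{factorId}/verify` so that the transaction itself advances to `SUCCESS` and returns a `sessionToken`. The `post` transport, the `fake_okta` stand-in, and all token and factor id values are assumptions constructed for illustration; the loop stops with an error on `MFA_ENROLL` rather than guessing how to continue.

```python
class AuthnError(Exception):
    """Transaction ended in a state this sketch does not drive."""

def complete_mfa(post, username, password, get_passcode, factor_type="email"):
    """Drive one Authn transaction to SUCCESS and return its sessionToken.

    post(path, body) -> dict is the caller's HTTP transport (an assumption).
    """
    txn = post("/api/v1/authn", {"username": username, "password": password})
    verify_path = None
    for _ in range(4):  # bounded: never loop forever on an unexpected reply
        status = txn.get("status")
        if status == "SUCCESS":
            return txn["sessionToken"]
        if status == "MFA_REQUIRED":
            factor = next((f for f in txn["_embedded"]["factors"]
                           if f["factorType"] == factor_type), None)
            if factor is None:
                raise AuthnError(f"no enrolled {factor_type} factor offered")
            verify_path = f"/api/v1/authn/factors/{factor['id']}/verify"
            # stateToken only: asks for the OTP to be sent
            txn = post(verify_path, {"stateToken": txn["stateToken"]})
        elif status == "MFA_CHALLENGE" and verify_path:
            # stateToken plus passCode: answers the challenge in-transaction
            txn = post(verify_path, {"stateToken": txn["stateToken"],
                                     "passCode": get_passcode()})
        else:
            raise AuthnError(f"cannot continue from status {status}")
    raise AuthnError("transaction did not reach SUCCESS")

def fake_okta(first_status):
    """Constructed stand-in for an org; returns (post, calls) for offline runs."""
    calls = []
    def post(path, body):
        calls.append((path, sorted(body)))
        if path == "/api/v1/authn":
            return {"status": first_status, "stateToken": "st-constructed",
                    "_embedded": {"factors": [
                        {"id": "emf-constructed", "factorType": "email"}]}}
        if body.get("passCode") == "123456":  # constructed OTP value
            return {"status": "SUCCESS", "sessionToken": "session-constructed"}
        return {"status": "MFA_CHALLENGE", "stateToken": body["stateToken"]}
    return post, calls
```
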