Use case is for user migration with an already verified phone number.

As per this link https://support.okta.com/help/s/article/okta-factors-api?language=en_US

and https://developer.okta.com/docs/reference/api/factors/#enroll-okta-sms-factor

It seems to be possible to auto enroll an sms factor. using Admin SSWS token.

Replace the below number with real one to try.

curl -v -X POST \

-H "Accept: application/json" \

-H "Content-Type: application/json" \

-H "User-Agent: Mozilla/5.0" \

-H "Authorization: SSWS ${api_token}" \

-d '{

 "factorType": "sms",

 "provider": "OKTA",

 "profile": {

  "phoneNumber": "+1-555-415-1337"

 }

}' "https://${yourOktaDomain}/api/v1/users/${userId}/factors?activate=true"

But when the API is used with super admin SSWS token it returns an error

{

  "errorCode": "E0000006",

  "errorSummary": "You do not have permission to perform the requested action",

  "errorLink": "E0000006",

  "errorId": "oae60vhUKLgR2iS_SNyhddFYw",

  "errorCauses": []

}

All other APIs are working correctly with the same SSWS token including the user create.