AnkitK.14481 (Customer) asked a question.
We are using @okta/okta-auth-js in a ReactJS SPA, integrated with Okta Identity Engine.
We are facing an issue when trying to enrol a user into a second authenticator (e.g., WebAuthn) after they are already enrolled in an existing authenticator (e.g., Google Authenticator).
Okta's default behaviour is to challenge the already-enrolled authenticator (challenge-authenticator step), instead of providing the select-authenticator-enrol step to allow the user to enrol a new one.
When we call: "await oktaAuth.idx.start();"
We are getting the challenge-authenticator step instead of select-authenticator-enroll, which starts the login flow instead of an enrollment flow.
We want to trigger enrollment explicitly, even when the user is already enrolled with an authenticator. This is required to support use cases such as enrolling in WebAuthn/Passkey after GA is already set up.
What We Tried:
- Called oktaAuth.idx.start() — but it triggers login and not enrollment.
- Tried oktaAuth.idx.proceed() — but options only include challenge-authenticator, not enrollment.
Hi @AnkitK.14481 (Customer) , Thank you for reaching out to the Okta Community!
This question is more appropriate for our dedicated Okta Developer Forum.
My advice would be to reach out via devforum.okta.com to take advantage of their expertise.
While we'll do our best to answer all of your questions here, this medium is more inclined towards Okta core products and features (non-custom/developer work).
Regards.
--
Help others in the community by liking or hitting Select as Best if this response helped you.
Collect them all. Learn a new skill and earn a new Okta Learning badge.