layout: api
page_title: /identity/mfa/method/okta - HTTP API
description: The '/identity/mfa/method/okta' endpoint focuses on managing Okta MFA behaviors in Vault.

Configure Okta MFA Method

This endpoint defines an MFA method of type Okta.

Method Path
POST /identity/mfa/method/okta/:id

Parameters

  • id (string: "") - Optional UUID to specify if updating an existing method.

  • username_format (string) - A format string for mapping Identity names to MFA method names. Values to substitute should be placed in {{}}. For example, "{{identity.entity.name}}@example.com". If blank, the Entity's Name field is used as-is.

  • org_name (string: <required>) - Name of the organization to be used in the Okta API.

  • api_token (string: <required>) - Okta API key.

  • base_url (string) - If set, will be used as the base domain for API requests. Examples are okta.com, oktapreview.com, and okta-emea.com.

  • primary_email (bool: false) - If set, the username will only match the primary email for the account.

Sample Payload

{
  "username_format": "{{identity.entity.aliases.auth_userpass_1793464a.name}}",
  "org_name": "dev-262778",
  "api_token": "0081u7KrReNkzmABZJAP2oDyIXccveqx9vIOEyCZDC"
}

Sample Request

# Create a new Okta MFA method (no id in the path)
$ curl \
    --header "X-Vault-Token: ..." \
    --request POST \
    --data @payload.json \
    http://127.0.0.1:8200/v1/identity/mfa/method/okta

# Update an existing method by appending its UUID to the path
$ curl \
    --header "X-Vault-Token: ..." \
    --request POST \
    --data @payload.json \
    http://127.0.0.1:8200/v1/identity/mfa/method/okta/1db034b5-81f1-4a2b-8c2b-0f51ed0bd9fc

Read Okta MFA Method

This endpoint reads the configuration of the Okta MFA method with the given ID.

Method Path
GET /identity/mfa/method/okta/:id

Parameters

  • id (string: <required>) - UUID of the MFA method.

Sample Request

$ curl \
    --header "X-Vault-Token: ..." \
    --request GET \
    http://127.0.0.1:8200/v1/identity/mfa/method/okta/1db034b5-81f1-4a2b-8c2b-0f51ed0bd9fc

Sample Response

{
  "data": {
    "api_token": "0081u7KrReNkzmABZJAP2oDyIXccveqx9vIOEyCZDC",
    "id": "1db034b5-81f1-4a2b-8c2b-0f51ed0bd9fc",
    "name": "my_okta",
    "org_name": "dev-262778",
    "type": "okta",
    "username_format": "{{identity.entity.aliases.auth_userpass_1793464a.name}}"
  }
}
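
A pre-flight check for the configure payload and a redaction helper for the read response (which, as the sample above shows, returns api_token in clear text). This is an added example, not part of the Vault documentation or code base; the function names, the "bare domain" rule for base_url, and the constructed sample values are assumptions based on the parameter list on this page.

```python
import uuid

# Parameters documented on this page for POST /identity/mfa/method/okta/:id
REQUIRED = ("org_name", "api_token")
KNOWN = {"username_format", "org_name", "api_token", "base_url", "primary_email"}
BASE_PATH = "/v1/identity/mfa/method/okta"


def check_payload(payload, method_id=None):
    """Return (request_path, problems) for a configure request (hypothetical helper)."""
    problems = []
    for key in REQUIRED:
        if not isinstance(payload.get(key), str) or not payload[key].strip():
            problems.append(f"{key} is required")
    for key in sorted(set(payload) - KNOWN):
        problems.append(f"parameter not documented on this page: {key}")
    fmt = payload.get("username_format", "")
    if fmt.count("{{") != fmt.count("}}"):
        problems.append("username_format has unbalanced {{ }}")
    base = payload.get("base_url", "")
    # Assumption: base_url is a bare domain (okta.com), not a URL with scheme or path.
    if base and ("://" in base or "/" in base):
        problems.append("base_url should be a base domain such as okta.com")
    if not isinstance(payload.get("primary_email", False), bool):
        problems.append("primary_email must be a bool")
    path = BASE_PATH
    if method_id:  # id is optional; supplying it means "update an existing method"
        try:
            path += "/" + str(uuid.UUID(method_id))
        except ValueError:
            problems.append("id is not a UUID")
    return path, problems


def redact(response):
    """Return a copy of a read response with api_token masked, safe to log."""
    data = dict(response.get("data", {}))
    if "api_token" in data:
        data["api_token"] = "<redacted>"
    return {**response, "data": data}


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    sample = {"org_name": "dev-262778", "api_token": "constructed-token",
              "username_format": "{{identity.entity.name}}@example.com"}
    print(check_payload(sample))
    print(redact({"data": {**sample, "type": "okta"}}))
```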

Delete Okta MFA Method

This endpoint deletes an Okta MFA method. An MFA method can be deleted only if it is not currently in use by a login enforcement.

Method Path
DELETE /identity/mfa/method/okta/:id

Parameters

  • id (string: <required>) - UUID of the MFA method.

Sample Request

$ curl \
    --header "X-Vault-Token: ..." \
    --request DELETE \
    http://127.0.0.1:8200/v1/identity/mfa/method/okta/1db034b5-81f1-4a2b-8c2b-0f51ed0bd9fc

List Okta MFA Methods

This endpoint lists Okta MFA methods that are visible in the current namespace or in parent namespaces.

Method Path
LIST /identity/mfa/method/okta

Sample Request

$ curl \
    --header "X-Vault-Token: ..." \
    --request LIST \
    http://127.0.0.1:8200/v1/identity/mfa/method/okta

Sample Response

{
  "data": {
    "keys": [
      "1db034b5-81f1-4a2b-8c2b-0f51ed0bd9fc"
    ]
  }
}