okta

Create okta MFA method

This endpoint creates a new MFA method of type Okta.

Parameters

• method_name (string) - The unique name identifier for this MFA method. Supported from Vault 1.13.0.

• username_format (string) - A format string for mapping Identity names to MFA method names. Values to substitute should be placed in {{}}. For example, "{{identity.entity.name}}@example.com". If blank, the Entity's Name field is used as-is.

• org_name (string: <required>) - Name of the organization to be used in the Okta API.

• api_token (string: <required>) - Okta API key.

• base_url (string) - If set, will be used as the base domain for API requests. Examples are okta.com, oktapreview.com, and okta-emea.com.

• primary_email (bool: false) - If set, the username will only match the primary email for the account.

Sample payload

{
  "username_format": "{{identity.entity.aliases.auth_userpass_1793464a.name}}",
  "org_name": "dev-262778",
  "api_token": "0081u7KrReNkzmABZJAP2oDyIXccveqx9vIOEyCZDC"
}

Sample request

Sample response

Update okta MFA method

This endpoint updates the configuration of an MFA method of type Okta.

Parameters

• method_id (string: <required>) - UUID of the MFA method.

• and all of the parameters documented under the preceding "Create" endpoint.

Sample payload

Identical to the preceding "Create" endpoint.

Sample request

Read okta MFA method

This endpoint queries the MFA configuration of Okta type for a given method name.

Parameters

• method_id (string: <required>) – UUID of the MFA method.

Sample request

Sample response

Delete okta MFA method

This endpoint deletes a Okta MFA method. The MFA methods can only be deleted if they're not currently in use by a login enforcement.

Parameters

• method_id (string: <required>) - UUID of the MFA method.

Sample request

List okta MFA methods

This endpoint lists Okta MFA methods that are visible in the current namespace or in parent namespaces.

Sample request

Sample response