# okta

### Create okta MFA method <a href="#create-okta-mfa-method" id="create-okta-mfa-method"></a>

This endpoint creates a new MFA method of type Okta.

| Method | Path                        |
| ------ | --------------------------- |
| `POST` | `/identity/mfa/method/okta` |

#### Parameters <a href="#parameters" id="parameters"></a>

* `method_name` `(string)` - The unique name identifier for this MFA method. Supported from Vault 1.13.0.
* `username_format` `(string)` - A format string for mapping Identity names to MFA method names. Values to substitute should be placed in `{{}}`. For example, `"{{identity.entity.name}}@example.com"`. If blank, the Entity's Name field is used as-is.
* `org_name` `(string: <required>)` - Name of the organization to be used in the Okta API.
* `api_token` `(string: <required>)` - Okta API key.
* `base_url` `(string)` - If set, will be used as the base domain for API requests. Examples are okta.com, oktapreview\.com, and okta-emea.com.
* `primary_email` `(bool: false)` - If set, the username will only match the primary email for the account.

#### Sample payload <a href="#sample-payload" id="sample-payload"></a>

```json
{
  "username_format": "{{identity.entity.aliases.auth_userpass_1793464a.name}}",
  "org_name": "dev-262778",
  "api_token": "0081u7KrReNkzmABZJAP2oDyIXccveqx9vIOEyCZDC"
}
```

#### Sample request <a href="#sample-request" id="sample-request"></a>

```shell-session
$ curl \
    --header "X-Vault-Token: ..." \
    --request POST \
    --data @payload.json \
    http://127.0.0.1:8200/v1/identity/mfa/method/okta
```

#### Sample response <a href="#sample-response" id="sample-response"></a>

```json
{
  "data": {
    "method_id": "0888fd69-4ea2-91d7-415e-c4bba548529b"
  }
}
```

### Update okta MFA method <a href="#update-okta-mfa-method" id="update-okta-mfa-method"></a>

This endpoint updates the configuration of an MFA method of type Okta.

| Method | Path                                   |
| ------ | -------------------------------------- |
| `POST` | `/identity/mfa/method/okta/:method_id` |

#### Parameters <a href="#parameters-1" id="parameters-1"></a>

* `method_id` `(string: <required>)` - UUID of the MFA method.
* and all of the parameters documented under the preceding "Create" endpoint.

#### Sample payload <a href="#sample-payload-1" id="sample-payload-1"></a>

Identical to the preceding "Create" endpoint.

#### Sample request <a href="#sample-request-1" id="sample-request-1"></a>

```shell-session
$ curl \
    --header "X-Vault-Token: ..." \
    --request POST \
    --data @payload.json \
    http://127.0.0.1:8200/v1/identity/mfa/method/okta/1db034b5-81f1-4a2b-8c2b-0f51ed0bd9fc
```

### Read okta MFA method <a href="#read-okta-mfa-method" id="read-okta-mfa-method"></a>

This endpoint queries the MFA configuration of Okta type for a given method name.

| Method | Path                                   |
| ------ | -------------------------------------- |
| `GET`  | `/identity/mfa/method/okta/:method_id` |

#### Parameters <a href="#parameters-2" id="parameters-2"></a>

* `method_id` `(string: <required>)` – UUID of the MFA method.

#### Sample request <a href="#sample-request-2" id="sample-request-2"></a>

```shell-session
$ curl \
    --header "X-Vault-Token: ..." \
    --request GET \
    http://127.0.0.1:8200/v1/identity/mfa/method/okta/1db034b5-81f1-4a2b-8c2b-0f51ed0bd9fc
```

#### Sample response <a href="#sample-response-1" id="sample-response-1"></a>

```json
{
  "data": {
    "api_token": "0081u7KrReNkzmABZJAP2oDyIXccveqx9vIOEyCZDC",
    "id": "1db034b5-81f1-4a2b-8c2b-0f51ed0bd9fc",
    "name": "my_okta",
    "org_name": "dev-262778",
    "type": "okta",
    "username_format": "{{identity.entity.aliases.auth_userpass_1793464a.name}}"
  }
}
```

### Delete okta MFA method <a href="#delete-okta-mfa-method" id="delete-okta-mfa-method"></a>

This endpoint deletes a Okta MFA method. The MFA methods can only be deleted if they're not currently in use by a login enforcement.

| Method   | Path                                   |
| -------- | -------------------------------------- |
| `DELETE` | `/identity/mfa/method/okta/:method_id` |

#### Parameters <a href="#parameters-3" id="parameters-3"></a>

* `method_id` `(string: <required>)` - UUID of the MFA method.

#### Sample request <a href="#sample-request-3" id="sample-request-3"></a>

```shell-session
$ curl \
    --header "X-Vault-Token: ..." \
    --request DELETE \
    http://127.0.0.1:8200/v1/identity/mfa/method/okta/1db034b5-81f1-4a2b-8c2b-0f51ed0bd9fc
```

### List okta MFA methods <a href="#list-okta-mfa-methods" id="list-okta-mfa-methods"></a>

This endpoint lists Okta MFA methods that are visible in the current namespace or in parent namespaces.

| Method | Path                        |
| ------ | --------------------------- |
| `LIST` | `/identity/mfa/method/okta` |

#### Sample request <a href="#sample-request-4" id="sample-request-4"></a>

```shell-session
$ curl \
    --header "X-Vault-Token: ..." \
    --request LIST \
    http://127.0.0.1:8200/v1/identity/mfa/method/okta
```

#### Sample response <a href="#sample-response-2" id="sample-response-2"></a>

```json
{
  "data": {
    "keys": [
      "1db034b5-81f1-4a2b-8c2b-0f51ed0bd9fc"
    ]
  }
}
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.enclaive.cloud/vault/api/secrets-engines/identity/mfa/okta.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.