# okta ### Create okta MFA method This endpoint creates a new MFA method of type Okta. | Method | Path | | ------ | --------------------------- | | `POST` | `/identity/mfa/method/okta` | #### Parameters * `method_name` `(string)` - The unique name identifier for this MFA method. Supported from Vault 1.13.0. * `username_format` `(string)` - A format string for mapping Identity names to MFA method names. Values to substitute should be placed in `{{}}`. For example, `"{{identity.entity.name}}@example.com"`. If blank, the Entity's Name field is used as-is. * `org_name` `(string: )` - Name of the organization to be used in the Okta API. * `api_token` `(string: )` - Okta API key. * `base_url` `(string)` - If set, will be used as the base domain for API requests. Examples are okta.com, oktapreview\.com, and okta-emea.com. * `primary_email` `(bool: false)` - If set, the username will only match the primary email for the account. #### Sample payload ```json { "username_format": "{{identity.entity.aliases.auth_userpass_1793464a.name}}", "org_name": "dev-262778", "api_token": "0081u7KrReNkzmABZJAP2oDyIXccveqx9vIOEyCZDC" } ``` #### Sample request ```shell-session $ curl \ --header "X-Vault-Token: ..." \ --request POST \ --data @payload.json \ http://127.0.0.1:8200/v1/identity/mfa/method/okta ``` #### Sample response ```json { "data": { "method_id": "0888fd69-4ea2-91d7-415e-c4bba548529b" } } ``` ### Update okta MFA method This endpoint updates the configuration of an MFA method of type Okta. | Method | Path | | ------ | -------------------------------------- | | `POST` | `/identity/mfa/method/okta/:method_id` | #### Parameters * `method_id` `(string: )` - UUID of the MFA method. * and all of the parameters documented under the preceding "Create" endpoint. #### Sample payload Identical to the preceding "Create" endpoint. #### Sample request ```shell-session $ curl \ --header "X-Vault-Token: ..." \ --request POST \ --data @payload.json \ http://127.0.0.1:8200/v1/identity/mfa/method/okta/1db034b5-81f1-4a2b-8c2b-0f51ed0bd9fc ``` ### Read okta MFA method This endpoint queries the MFA configuration of Okta type for a given method name. | Method | Path | | ------ | -------------------------------------- | | `GET` | `/identity/mfa/method/okta/:method_id` | #### Parameters * `method_id` `(string: )` – UUID of the MFA method. #### Sample request ```shell-session $ curl \ --header "X-Vault-Token: ..." \ --request GET \ http://127.0.0.1:8200/v1/identity/mfa/method/okta/1db034b5-81f1-4a2b-8c2b-0f51ed0bd9fc ``` #### Sample response ```json { "data": { "api_token": "0081u7KrReNkzmABZJAP2oDyIXccveqx9vIOEyCZDC", "id": "1db034b5-81f1-4a2b-8c2b-0f51ed0bd9fc", "name": "my_okta", "org_name": "dev-262778", "type": "okta", "username_format": "{{identity.entity.aliases.auth_userpass_1793464a.name}}" } } ``` ### Delete okta MFA method This endpoint deletes a Okta MFA method. The MFA methods can only be deleted if they're not currently in use by a login enforcement. | Method | Path | | -------- | -------------------------------------- | | `DELETE` | `/identity/mfa/method/okta/:method_id` | #### Parameters * `method_id` `(string: )` - UUID of the MFA method. #### Sample request ```shell-session $ curl \ --header "X-Vault-Token: ..." \ --request DELETE \ http://127.0.0.1:8200/v1/identity/mfa/method/okta/1db034b5-81f1-4a2b-8c2b-0f51ed0bd9fc ``` ### List okta MFA methods This endpoint lists Okta MFA methods that are visible in the current namespace or in parent namespaces. | Method | Path | | ------ | --------------------------- | | `LIST` | `/identity/mfa/method/okta` | #### Sample request ```shell-session $ curl \ --header "X-Vault-Token: ..." \ --request LIST \ http://127.0.0.1:8200/v1/identity/mfa/method/okta ``` #### Sample response ```json { "data": { "keys": [ "1db034b5-81f1-4a2b-8c2b-0f51ed0bd9fc" ] } } ```