Authenticator Admin API enables an Org Administrator to configure which authenticators are available to end users to be used for signing into applications.
End users would be required to use one or more authenticators depending on the security requirements of the application sign-on policy.
IDX currently supports authenticators for the following:
https://oktawiki.atlassian.net/wiki/pages/viewpage.action?pageId=123044714
Currently Okta enduser UI shows "Remember Device" whenever the policy that requires MFA is either time based or device based. The requirement is to show a meaningful message instead of a generic "Remember Device" message along with the checkbox.
Please refer to the requirements document mentioned above for details.
In order for the Okta API caller to show the meaningful message (or to hide the checkbox altogether), the policy evaluation details need to be populated in the response whenever MFA is required.
| POST /api/v1/trusted-domains | |
| ```json | |
| { | |
| "name": "test", | |
| "baseUrl": "https://trustme.domain.com", | |
| "scopes": [ | |
| {"type": "cors"}, | |
| {"type": "redirect"} | |
| ] | |
| } |
| // Use Gists to store code you would like to remember later on | |
| console.log(window); // log the "window" object to the console |
#Enroll (From UserAgent):
##Request POST {{url}}/api/v1/users/{{userId}}/factors
{
"factorType" : "push",
"provider" : "okta"
}
| Assumptions: | |
| 1. There would be a "Default" SignOn Policy that "ALLOW" by default on successful authentication | |
| 2. There would be a "Default" MFA Policy thats allows "ALL" configured factors to be enrolled/challenged | |
| Policy Configuration Flow: | |
| 1. Admin configures "Sign-on" Policy with "factor required" rule | |
| 2. Admin then configures "MFA" Policy with list of allowed factors for the Groups | |
| 3. (Nice to have) There should be a "Find Policy" button to preview which policy would be evaluated given a User Group / Users | |