@srinivasanagandla-okta
Last active August 29, 2015 13:59
MFA Admin API

The MFA Admin API enables "Org Administrators" to set up Factors so that Users can enroll in them and use them for second-factor authentication.

Responsibilities of Admin API include:

  • Org Level Operations
      • Set up/Update/Delete a Factor for the Org
      • Enable/Disable a Factor across the Org
      • Bulk enroll Users for a Factor
  • User Level Operations
      • Provide overrides in the form of temporary/bypass codes for end Users to authenticate
      • Enable/Disable a Factor for a particular User
      • Unlock (clear lock status) a User for the given Factor
  • Reporting
      • Get registered Factors for a User
      • Get Factor enrollment information for a User
      • Get a list of Users based on Factor criteria (factor=x,status=y,lastAuthNStatus=z)

Note: I have excluded setting up the MFA Access Policy from this list as it would be a policy level task and not necessarily an MFA API item.

List Org Factors

GET /api/v1/org/factors

Response Parameters

| Parameter | Description | Param Type | DataType | Required | Default |
|---|---|---|---|---|---|
| id | Id of the Org Factor | Body | String | Yes | |
| factorType | Factor Type | Body | String | Yes | |
| provider | Provider of the factor | Body | String | Yes | |
| status | Status of the factor | Body | Boolean | | |

Configure/Setup a Factor for the Org

Question: What if the factor configuration is already there in the DB? Should there be an overwrite flag?

POST /api/v1/factors/

Request Parameters

| Parameter | Description | Param Type | DataType | Required | Default |
|---|---|---|---|---|---|
| factorType | Factor Type | URL | String | Yes | None |
| provider | Provider | Body | String | Yes | orn:okta:factor:providers:okta |
| settings | Factor Configuration Information | Body | Factor Configuration | Yes | None |
| validateAndActivate | Flag to indicate whether the configuration has to be validated and activated | Body | Boolean | Yes | No |

Response Parameters

| Parameter | Description | Param Type | DataType | Required | Default |
|---|---|---|---|---|---|
| id | Id of the Org Factor | Body | String | | |
| factorType | Factor Types | Body | String | Yes | |
| provider | Provider | Body | String | Yes | |
| status | Status of the Factor | Body | Factor Config Status | Yes | |
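
One way to handle the case raised in the question above, shown as an added example that is not part of the original draft or of any Okta code: the setup request is checked against the request table, and an existing configuration is replaced only when the caller asks for it explicitly. The `overwrite` flag, the (factorType, provider) uniqueness key, the in-memory store, the `ACTIVE`/`INACTIVE` status strings and the error class names are all assumptions made for illustration.

```python
import uuid

DEFAULT_PROVIDER = "orn:okta:factor:providers:okta"  # default from the request table
# Body fields from the table, plus a hypothetical "overwrite" flag (not in the draft).
BODY_FIELDS = {"provider", "settings", "validateAndActivate", "overwrite"}

class FactorRequestError(ValueError):
    """Malformed request (would map to HTTP 400)."""

class FactorConflictError(Exception):
    """Factor already configured and overwrite not requested (would map to HTTP 409)."""

def normalize_setup_request(factor_type, body):
    """Check a setup request against the request table and fill in its defaults."""
    if not isinstance(factor_type, str) or not factor_type:
        raise FactorRequestError("factorType is required")
    unknown = set(body) - BODY_FIELDS
    if unknown:
        raise FactorRequestError("unknown fields: %s" % sorted(unknown))
    if not isinstance(body.get("settings"), dict):
        raise FactorRequestError("settings is required and must be an object")
    req = {"factorType": factor_type, "settings": body["settings"],
           "provider": body.get("provider", DEFAULT_PROVIDER)}
    if not isinstance(req["provider"], str):
        raise FactorRequestError("provider must be a string")
    for flag in ("validateAndActivate", "overwrite"):
        req[flag] = body.get(flag, False)  # table default for validateAndActivate is "No"
        if not isinstance(req[flag], bool):  # reject "true", 1, ... on a security toggle
            raise FactorRequestError(flag + " must be a boolean")
    return req

class OrgFactorStore:
    """In-memory stand-in for the DB mentioned in the question."""

    def __init__(self):
        self._factors = {}  # (factorType, provider) -> record; key choice is assumed

    def setup(self, factor_type, body):
        req = normalize_setup_request(factor_type, body)
        key = (req["factorType"], req["provider"])
        old = self._factors.get(key)
        if old is not None and not req["overwrite"]:
            raise FactorConflictError("factor already configured: %s/%s" % key)
        record = {"id": old["id"] if old else uuid.uuid4().hex,
                  "factorType": key[0], "provider": key[1], "settings": req["settings"],
                  # placeholder values: the draft does not list Factor Config Status
                  "status": "ACTIVE" if req["validateAndActivate"] else "INACTIVE"}
        self._factors[key] = record
        # Response carries only the fields in the response table (no settings).
        return {k: record[k] for k in ("id", "factorType", "provider", "status")}
```

With this shape, replacing an Org Factor's configuration is always a deliberate request that can be logged as such, and a repeated POST without the flag fails instead of silently changing the second-factor setup.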

Update Org Factor Configuration

PUT /api/v1/factors/{id}

Request Parameters

| Parameter | Description | Param Type | DataType | Required | Default |
|---|---|---|---|---|---|
| id | Org Factor Id | URL | String | Yes | None |
| factorType | Factor Type | URL | String | Yes | None |
| config | Factor Configuration Information | Body | Factor Configuration | Optional | None |
| validateAndActivate | Flag to indicate whether the configuration has to be validated and activated | Body | Boolean | Yes | No |

Response Parameters

| Parameter | Description | Param Type | DataType | Required | Default |
|---|---|---|---|---|---|
| id | Id of the Org Factor | Body | String | | |
| factorType | Factor Types | Body | String | Yes | |
| provider | Provider | Body | String | Yes | |
| status | Status of the Factor | Body | Factor Config Status | Yes | |

Get Org Factor Configuration

GET /api/v1/factors/{id}

Request Parameters

| Parameter | Description | Param Type | DataType | Required | Default |
|---|---|---|---|---|---|
| id | Org Factor Id | URL | String | Yes | None |

Response Parameters

| Parameter | Description | Param Type | DataType | Required | Default |
|---|---|---|---|---|---|
| id | Id of the Org Factor | Body | String | | |
| factorType | Factor Type | Body | String | Yes | |
| provider | Provider | Body | String | Yes | |
| config | Factor Configuration Information | Body | Factor Configuration | Yes | None |
| status | Status of the Factor | Body | Factor Config Status | Yes | |

Disable Org Factor

DELETE /api/v1/factors/{id}

Request Parameters

| Parameter | Description | Param Type | DataType | Required | Default |
|---|---|---|---|---|---|
| id | Org Factor Id | URL | String | Yes | None |

Response Parameters

None
