User MFA

Trigger a flow when a user is authenticated through multifactor authentication (MFA).

Output

Field Definition Type
Date and Time Date and time that the event was triggered in the Okta API. String
Message Message details about the event. String
Event ID Unique identifier of the event. String
Event Type Type of event that was published. String
Event Time Timestamp when the notification was delivered to the service. String
Version

Versioning indicator.

String
Admin Okta admin who enrolled the user in MFA. Object
ID ID of the Okta admin who enrolled the user in MFA. String
Alternate ID Email address of the Okta admin. String
Display Name Display name of the Okta admin. String
Type Type of Okta admin who enrolled the user in MFA. String
Okta User Okta user who was authenticated through MFA. Object
ID ID of the Okta user. String
Alternate ID Email address of the Okta user. String
Display Name Display name of the Okta user. String
     
UUID Webhook event's universal unique identifier. String
     
Event Details Raw JSON payload returned from the Okta API for this particular event. Object
     
Headers Object representing the headers for the response; each key of the header will be parsed into a header string as "key: value" (Content-Type: text/plain). Object
     
Source Source of user-specific data. Object
Debug Context
Debug Data Information on the triggered event used for debugging; for example, returned data can include a URI, an SMS provider, or transaction ID. Object
Note

While you can create additional user or group fields for an Okta event, the Okta API only supports four fields for Okta connector event cards: ID, Alternate ID, Display Name, and Type. Values will be returned for these four input fields only. No other fields are supported for users or groups, and data from such fields will not be returned by this event card.

Trigger a flow with the User MFA event card

To trigger a flow, you must use a mobile device and complete these steps:

  1. In the Admin Console, navigate to Security > Multifactor.

  2. Select a factor to activate by selecting Active from the factor's drop-down, then complete any additional steps. Factors that are already activated are designated as such with green check marks.

    It is recommended that you activate the Okta Verify, SMS Authentication, or Security Question factors.

  3. In the top right corner of the Admin Console, click the account drop-down then click My settings.

  4. In the Extra Verification section, click Set up for the new factor that you selected previously, then complete the steps to activate that factor.

  5. Return to the Admin Console, and navigate to Security > Multifactor > Factor Enrollment.

  6. Verify that the factor that you've set up previously is not have a status of Disabled. If the policy is disabled, click Edit for that policy, select Optional or Required for that factor's drop-down, then click Update Policy.

  7. Navigate to Security > Authentication > Sign On.

  8. Click Add New Okta Sign-on Policy.

  9. In the Add Policy dialog box, add a string in the Policy Name field (for example, MFA), then click Create Policy and Add Rule.

  10. In the Add Rule dialog, add a string in the Rule Name field.

  11. In the Authentication section, make sure that the Password / Any IDP + Any factor and the Every Time options are selected, then click Create Rule.

  12. On the Authentication page, verify that the policy that you've just created has a status of Active.

  13. Sign out from Okta.

  14. Sign in again. After entering your username and password, you will be prompted for an MFA challenge.

    Once you complete the MFA authentication, the User MFA event card will be triggered.

Related topics

Okta connector

About the elements of Okta Workflows

Guidance for Okta connector

Okta API