User MFA
Trigger a flow when a user is authenticated through multifactor authentication (MFA).
This operation uses the user.authentication.auth_via_mfa Okta event.
Scopes
See Event cards for the list of required OAuth scopes needed by this card.
Output
Field | Definition | Type |
---|---|---|
Date and Time |
The date and time when the event was triggered in the Okta API. |
Text |
Message |
Any message details about the event. |
Text |
Event ID |
Unique identifier of the event. |
Text |
Event Type |
Type of event that was published. |
Text |
Event Time |
Timestamp when the notification was delivered to the service. |
Text |
Version |
Versioning indicator. |
Text |
Admin |
Okta admin who enrolled the user in MFA. |
Object |
ID |
ID of the Okta admin who enrolled the user in MFA. |
Text |
Alternate ID |
Email address of the Okta admin. |
Text |
Display Name |
Display name of the Okta admin. |
Text |
Type |
Type of Okta admin who enrolled the user in MFA. |
Text |
Okta User |
The Okta user who was authenticated through MFA. |
Object |
ID |
The unique identifier of the Okta user. |
Text |
Alternate ID |
Email address of the Okta user. |
Text |
Display Name |
Display name of the Okta user. |
Text |
UUID |
The universal unique identifier of the webhook event. |
Text |
Event Details |
The raw JSON payload returned from the Okta API for this particular event. |
Object |
Headers |
An object that represents the headers for the response. Each key of the header is parsed into a header string as a key and value pair, for example, Content-Type: text/plain. |
Object |
Source |
The source of any user-specific data. |
Object |
Debug Context |
||
Debug Data |
Information on the triggered event that you can use for debugging. For example, returned data can include a URI, an SMS provider, or a transaction ID. |
Object |
While you can create more user or group fields for an Okta event, the Okta API only returns values for four fields: ID, Alternate ID, Display Name, and Type.
No other fields are supported for users or groups, and this event card doesn't return data from such fields.
Trigger a flow with this card
To trigger a flow using this card, you must use a mobile device and complete the following procedure.
-
Sign in to the Admin Console using a test account.
-
In the Admin Console, go to .
-
Select a factor to activate by selecting Active from the factor's dropdown menu and complete any additional steps. This page displays active factors with green check marks.
For this test, activate the Okta Verify, SMS Authentication, or Security Question factors.
-
In the top-right corner of the Admin Console, click the dropdown menu for your account, and then click My settings.
-
In the Extra Verification section, click Set up for the new factor that you selected and complete the steps to activate that factor.
-
Go to
. -
Verify that the factor that you've set up previously isn't Disabled. If the policy is disabled, click Edit for that policy, select Optional or Required in that factor's dropdown menu and click Update Policy.
-
Go to
. -
Click Add New Okta Sign-on Policy.
-
In the Add Policy dialog, add a descriptive name in the Policy Name field (for example, MFA). Click Create Policy and Add Rule.
-
In the Add Rule dialog, add a descriptive name in the Rule Name field.
-
In the Authentication section, select the Password / Any IDP + Any factor and the Every Time options. Click Create Rule.
-
On the Authentication page, verify that the policy that you created has a status of Active.
-
Sign out from the Admin Console.
-
Sign in again. After entering your username and password, Okta prompts you with an MFA challenge.
Completing the MFA authentication triggers any flow that uses the User MFA event card.