User MFA

Trigger a flow when a user is authenticated through multifactor authentication (MFA).

This operation uses the user.authentication.auth_via_mfa Okta event.

This event card replaces the identical card found in the Okta connector. There's no change in the card name or functionality.

Scopes

See Event cards for the list of required OAuth scopes needed by this card.

Output

Field Definition Type

Date and Time

The date and time when the event was triggered in the Okta API.

Text

Message

Any message details about the event.

Text

Event ID

Unique identifier of the event.

Text

Event Type

Type of event that was published.

Text

Event Time

Timestamp when the notification was delivered to the service.

Text

Version

Versioning indicator.

Text

Admin

Okta admin who enrolled the user in MFA.

Object

ID

ID of the Okta admin who enrolled the user in MFA.

Text

Alternate ID

Email address of the Okta admin.

Text

Display Name

Display name of the Okta admin.

Text

Type

Type of Okta admin who enrolled the user in MFA.

Text

Okta User

The Okta user who was authenticated through MFA.

Object

ID

The unique identifier of the Okta user.

Text

Alternate ID

Email address of the Okta user.

Text

Display Name

Display name of the Okta user.

Text

UUID

The universal unique identifier of the webhook event.

Text

Event Details

The raw JSON payload returned from the Okta API for this particular event.

Object

Headers

An object that represents the headers for the response.

Each key of the header is parsed into a header string as a key and value pair, for example, Content-Type: text/plain.

Object

Source

The source of any user-specific data.

Object

Debug Context

Debug Data

Information on the triggered event that you can use for debugging.

For example, returned data can include a URI, an SMS provider, or a transaction ID.

Object

While you can create more user or group fields for an Okta event, the Okta API only returns values for four fields: ID, Alternate ID, Display Name, and Type.

No other fields are supported for users or groups, and this event card doesn't return data from such fields.

Trigger a flow with this card

To trigger a flow using this card, you must use a mobile device and complete the following procedure.

  1. Sign in to the Admin Console using a test account.

  2. In the Admin Console, go to SecurityMultifactor.

  3. Select a factor to activate by selecting Active from the factor's dropdown menu and complete any additional steps. This page displays active factors with green check marks.

    For this test, activate the Okta Verify, SMS Authentication, or Security Question factors.

  4. In the top-right corner of the Admin Console, click the dropdown menu for your account, and then click My settings.

  5. In the Extra Verification section, click Set up for the new factor that you selected and complete the steps to activate that factor.

  6. Go to SecurityMultifactorFactor Enrollment.

  7. Verify that the factor that you've set up previously isn't Disabled. If the policy is disabled, click Edit for that policy, select Optional or Required in that factor's dropdown menu and click Update Policy.

  8. Go to SecurityAuthenticationSign On.

  9. Click Add New Okta Sign-on Policy.

  10. In the Add Policy dialog, add a descriptive name in the Policy Name field (for example, MFA). Click Create Policy and Add Rule.

  11. In the Add Rule dialog, add a descriptive name in the Rule Name field.

  12. In the Authentication section, select the Password / Any IDP + Any factor and the Every Time options. Click Create Rule.

  13. On the Authentication page, verify that the policy that you created has a status of Active.

  14. Sign out from the Admin Console.

  15. Sign in again. After entering your username and password, Okta prompts you with an MFA challenge.

Completing the MFA authentication triggers any flow that uses the User MFA event card.

Related topics

Okta Devices connector

Okta Devices API

Device lifecycle

Cards in flows