User MFA
Trigger a flow when a user is authenticated through multifactor authentication (MFA).
Output
| Field | Definition | Type |
|---|---|---|
| Date and Time | Date and time that the event was triggered in the Okta API. | String |
| Message | Message details about the event. | String |
| Event ID | Unique identifier of the event. | String |
| Event Type | Type of event that was published. | String |
| Event Time | Timestamp when the notification was delivered to the service. | String |
| Version |
Versioning indicator. |
String |
| Admin | Okta admin who enrolled the user in MFA. | Object |
| ID | ID of the Okta admin who enrolled the user in MFA. | String |
| Alternate ID | Email address of the Okta admin. | String |
| Display Name | Display name of the Okta admin. | String |
| Type | Type of Okta admin who enrolled the user in MFA. | String |
| Okta User | Okta user who was authenticated through MFA. | Object |
| ID | ID of the Okta user. | String |
| Alternate ID | Email address of the Okta user. | String |
| Display Name | Display name of the Okta user. | String |
| UUID | Webhook event's universal unique identifier. | String |
| Event Details | Raw JSON payload returned from the Okta API for this particular event. | Object |
| Headers | Object representing the headers for the response; each key of the header will be parsed into a header string as "key: value" (Content-Type: text/plain). |
Object |
| Source | Source of user-specific data. | Object |
| Debug Context | ||
| Debug Data | Information on the triggered event used for debugging; for example, returned data can include a URI, an SMS provider, or transaction ID. | Object |
While you can create additional user or group fields for an Okta event, the Okta API only returns values for four fields: ID, Alternate ID, Display Name, and Type.
No other fields are supported for users or groups, and data from such fields isn't returned by this event card.
Trigger a flow with the User MFA event card
To trigger a flow, you must use a mobile device and complete these steps:
-
In the Admin Console, navigate to Security > Multifactor.
-
Select a factor to activate by selecting Active from the factor's drop-down, then complete any additional steps. Factors that are already activated are designated as such with green check marks.
It is recommended that you activate the Okta Verify, SMS Authentication, or Security Question factors.
-
In the top right corner of the Admin Console, click the account drop-down then click My settings.
-
In the Extra Verification section, click Set up for the new factor that you selected previously, then complete the steps to activate that factor.
-
Return to the Admin Console, and navigate to Security > Multifactor > Factor Enrollment.
-
Verify that the factor that you've set up previously is not have a status of Disabled. If the policy is disabled, click Edit for that policy, select Optional or Required for that factor's drop-down, then click Update Policy.
-
Navigate to Security > Authentication > Sign On.
-
Click Add New Okta Sign-on Policy.
-
In the Add Policy dialog box, add a string in the Policy Name field (for example,
MFA), then click Create Policy and Add Rule. -
In the Add Rule dialog, add a string in the Rule Name field.
-
In the Authentication section, make sure that the Password / Any IDP + Any factor and the Every Time options are selected, then click Create Rule.
-
On the Authentication page, verify that the policy that you've just created has a status of Active.
-
Sign out from Okta.
-
Sign in again. After entering your username and password, you will be prompted for an MFA challenge.
Once you complete the MFA authentication, the User MFA event card will be triggered.