User MFA

Trigger a flow when a user is authenticated through multifactor authentication (MFA).

This event card is being deprecated from the Okta connector. Replace this event card with the identical card found in the Okta Devices connector. There's no change in the card name or functionality.


Field Definition Type
Date and Time Date and time that the event was triggered in the Okta API. String
Message Message details about the event. String
Event ID Unique identifier of the event. String
Event Type Type of event that was published. String
Event Time Timestamp when the notification was delivered to the service. String

Versioning indicator.

Admin Okta admin who enrolled the user in MFA. Object
ID ID of the Okta admin who enrolled the user in MFA. String
Alternate ID Email address of the Okta admin. String
Display Name Display name of the Okta admin. String
Type Type of Okta admin who enrolled the user in MFA. String
Okta User Okta user who was authenticated through MFA. Object
ID ID of the Okta user. String
Alternate ID Email address of the Okta user. String
Display Name Display name of the Okta user. String
UUID Webhook event's universal unique identifier. String
Event Details Raw JSON payload returned from the Okta API for this particular event. Object
Headers Object representing the headers for the response; each key of the header will be parsed into a header string as "key: value" (Content-Type: text/plain). Object
Source Source of user-specific data. Object
Debug Context
Debug Data Information on the triggered event used for debugging; for example, returned data can include a URI, an SMS provider, or transaction ID. Object

While you can create additional user or group fields for an Okta event, the Okta API only returns values for four fields: ID, Alternate ID, Display Name, and Type.

No other fields are supported for users or groups, and data from such fields isn't returned by this event card.

Trigger a flow with the User MFA event card

To trigger a flow, you must use a mobile device and complete these steps:

  1. In the Admin Console, go to SecurityMultifactor.

  2. Select a factor to activate by selecting Active from the factor's drop-down, then complete any additional steps. Factors that are already activated are designated as such with green check marks.

    It is recommended that you activate the Okta Verify, SMS Authentication, or Security Question factors.

  3. In the top right corner of the Admin Console, click the account dropdown menu, and then click My settings.

  4. In the Extra Verification section, click Set up for the new factor that you selected previously, then complete the steps to activate that factor.

  5. Return to the Admin Console, and go to SecurityMultifactorFactor Enrollment.

  6. Verify that the factor that you've set up previously is not have a status of Disabled. If the policy is disabled, click Edit for that policy, select Optional or Required for that factor's drop-down, then click Update Policy.

  7. Navigate to SecurityAuthenticationSign On.

  8. Click Add New Okta Sign-on Policy.

  9. In the Add Policy dialog box, add a string in the Policy Name field (for example, MFA), then click Create Policy and Add Rule.

  10. In the Add Rule dialog, add a string in the Rule Name field.

  11. In the Authentication section, make sure that the Password / Any IDP + Any factor and the Every Time options are selected, then click Create Rule.

  12. On the Authentication page, verify that the policy that you've just created has a status of Active.

  13. Sign out from Okta.

  14. Sign in again. After entering your username and password, you will be prompted for an MFA challenge.

    Once you complete the MFA authentication, the User MFA event card will be triggered.

Related topics

Okta connector

Workflow elements

Guidance for Okta connector

Okta API documentation