User MFA

Trigger a flow when a user is authenticated through multifactor authentication (MFA).

This operation uses the user.authentication.auth_via_mfa Okta event.


Field Definition Type

Date and Time

The date and time when the event was triggered in the Okta API.



Any message details about the event.


Event ID

Unique identifier of the event.


Event Type

Type of event that was published.


Event Time

Timestamp when the notification was delivered to the service.



Versioning indicator.



Okta admin who enrolled the user in MFA.



ID of the Okta admin who enrolled the user in MFA.


Alternate ID

Email address of the Okta admin.


Display Name

Display name of the Okta admin.



Type of Okta admin who enrolled the user in MFA.


Okta User

The Okta user who was authenticated through MFA.



The unique identifier of the Okta user.


Alternate ID

Email address of the Okta user.


Display Name

Display name of the Okta user.



The universal unique identifier of the webhook event.


Event Details

The raw JSON payload returned from the Okta API for this particular event.



An object that represents the headers for the response.

Each key of the header is parsed into a header string as a key and value pair, for example, Content-Type: text/plain.



The source of any user-specific data.


Debug Context

Debug Data

Information on the triggered event that you can use for debugging.

For example, returned data can include a URI, an SMS provider, or a transaction ID.


While you can create additional user or group fields for an Okta event, the Okta API only returns values for four fields: ID, Alternate ID, Display Name, and Type.

No other fields are supported for users or groups, and data from such fields isn't returned by this event card.

Trigger a flow with this card

To trigger a flow using this card, you must use a mobile device and complete the following procedure.

  1. Sign in to the Admin Console using a test account.

  2. In the Admin Console, go to SecurityMultifactor.

  3. Select a factor to activate by selecting Active from the factor's dropdown menu and complete any additional steps. This page displays active factors with green check marks.

    For this test, activate the Okta Verify, SMS Authentication, or Security Question factors.

  4. In the top-right corner of the Admin Console, click the dropdown menu for your account, and then click My settings.

  5. In the Extra Verification section, click Set up for the new factor that you selected and complete the steps to activate that factor.

  6. Go to SecurityMultifactorFactor Enrollment.

  7. Verify that the factor that you've set up previously isn't Disabled. If the policy is disabled, click Edit for that policy, select Optional or Required in that factor's dropdown menu and click Update Policy.

  8. Go to SecurityAuthenticationSign On.

  9. Click Add New Okta Sign-on Policy.

  10. In the Add Policy dialog, add a descriptive name in the Policy Name field (for example, MFA). Click Create Policy and Add Rule.

  11. In the Add Rule dialog, add a descriptive name in the Rule Name field.

  12. In the Authentication section, select the Password / Any IDP + Any factor and the Every Time options. Click Create Rule.

  13. On the Authentication page, verify that the policy that you created has a status of Active.

  14. Sign out from the Admin Console.

  15. Sign in again. After entering your username and password, Okta prompts you with an MFA challenge.

Completing the MFA authentication triggers any flow that uses the User MFA event card.

Related topics

Okta Devices connector

Okta Devices API

Device lifecycle

Cards in flows