MFA Setup APIs
Learn about MFA setup APIs
Let's understand the various endpoints related to MFA Setup.
View current user MFA enrollment status
- Request
-
GET {oauth_uri}/oauth/users/mfaDetails
{ "availables": [ "AUTHENTICATOR", "EMAIL" ], "details": { "AUTHENTICATOR": { "verified": true }, "EMAIL": { "verified": true } } }
Get a QR code to enroll in app-based MFA
- Request
-
PUT {oauth_uri}/users/mfa/associateQRCode?mfatype=AUTHENTICATOR
- Response
-
Displays the QR code. For example:
Scan the QR code using an authenticator app such as, Okta Verify, Google Authenticator, or Microsoft Authenticator. After a successful scanning, the account shows the OTP at regular intervals, refreshing every 30 seconds.
Verify the QR code to enroll in app-based MFA
- Request
-
PUT {oauth_uri}/users/mfa/verifyQRCodeEnroll
- Payload
-
{ "mfatype": "AUTHENTICATOR", "totp": "331425" }
- Response
- 200 Ok as the HTTP status code
Self-reset app-based MFA enrollment
- Request
-
POST {oauth_uri}/users/mfa/resetMyQRCodeEnroll
- Response
- 200 Ok as the HTTP status code.
Reset app-based MFA enrollment by Admin
- Request
-
PUT {oauth_uri}/users/{username}/mfa/resetQRCodeEnroll
- Response
- 200 Ok as the HTTP status code.
Enroll in Email MFA
- Request
-
PUT {oauth_uri}/oauth/users/mfa/enrollEmail?mfatype=EMAIL
- Response
- 200 Ok as the HTTP status code.
Verify Email MFA enrollment
- Request
-
PUT {oauth_uri}/oauth/users/mfa/verifyEmail
- Payload
-
{ "mfatype": "EMAIL", "totp": "786416" }
- Response
- 200 Ok as the HTTP status code