Search Vault documentation » Configure Okta MFA MethodThis endpoint defines an MFA method of type Okta.
Method Path POST
/identity/mfa/method/okta/:id
» Parametersid
(string: "")
- Optional UUID to specify if updating an existing method.
username_format
(string)
- A format string for mapping Identity names to MFA method names. Values to substitute should be placed in {{}}
. For example, "{{identity.entity.name}}@example.com"
. If blank, the Entity's Name field is used as-is.
org_name
(string: <required>)
- Name of the organization to be used in the Okta API.
api_token
(string: <required>)
- Okta API key.
base_url
(string)
- If set, will be used as the base domain for API requests. Examples are okta.com, oktapreview.com, and okta-emea.com.
primary_email
(bool: false)
- If set, the username will only match the primary email for the account.
» Sample Payload{
"username_format" : "{{identity.entity.aliases.auth_userpass_1793464a.name}}" ,
"org_name" : "dev-262778" ,
"api_token" : "0081u7KrReNkzmABZJAP2oDyIXccveqx9vIOEyCZDC"
}
{
"username_format" : "{{identity.entity.aliases.auth_userpass_1793464a.name}}" ,
"org_name" : "dev-262778" ,
"api_token" : "0081u7KrReNkzmABZJAP2oDyIXccveqx9vIOEyCZDC"
}
» Sample Request$ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
http://127.0.0.1:8200/v1/identity/mfa/method/okta
$ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
http://127.0.0.1:8200/v1/identity/mfa/method/okta
$ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
http://127.0.0.1:8200/v1/identity/mfa/method/okta/1db034b5-81f1-4a2b-8c2b-0f51ed0bd9fc
$ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
http://127.0.0.1:8200/v1/identity/mfa/method/okta/1db034b5-81f1-4a2b-8c2b-0f51ed0bd9fc
» Read Okta MFA MethodThis endpoint queries the MFA configuration of Okta type for a given method
name.
Method Path GET
/identity/mfa/method/okta/:id
» Parametersid
(string: <required>)
– UUID of the MFA method.» Sample Request$ curl \
--header "X-Vault-Token: ..." \
--request GET \
http://127.0.0.1:8200/v1/identity/mfa/method/okta/1db034b5-81f1-4a2b-8c2b-0f51ed0bd9fc
$ curl \
--header "X-Vault-Token: ..." \
--request GET \
http://127.0.0.1:8200/v1/identity/mfa/method/okta/1db034b5-81f1-4a2b-8c2b-0f51ed0bd9fc
» Sample Response{
"data" : {
"api_token" : "0081u7KrReNkzmABZJAP2oDyIXccveqx9vIOEyCZDC" ,
"id" : "1db034b5-81f1-4a2b-8c2b-0f51ed0bd9fc" ,
"name" : "my_okta" ,
"org_name" : "dev-262778" ,
"type" : "okta" ,
"username_format" : "{{identity.entity.aliases.auth_userpass_1793464a.name}}"
}
}
{
"data" : {
"api_token" : "0081u7KrReNkzmABZJAP2oDyIXccveqx9vIOEyCZDC" ,
"id" : "1db034b5-81f1-4a2b-8c2b-0f51ed0bd9fc" ,
"name" : "my_okta" ,
"org_name" : "dev-262778" ,
"type" : "okta" ,
"username_format" : "{{identity.entity.aliases.auth_userpass_1793464a.name}}"
}
}
» Delete Okta MFA MethodThis endpoint deletes a Okta MFA method. The MFA methods can only be deleted if they're not currently in use
by a login enforcement .
Method Path DELETE
/identity/mfa/method/okta/:id
» Parametersid
(string: <required>)
- UUID of the MFA method.» Sample Request$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
http://127.0.0.1:8200/v1/identity/mfa/method/okta/1db034b5-81f1-4a2b-8c2b-0f51ed0bd9fc
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
http://127.0.0.1:8200/v1/identity/mfa/method/okta/1db034b5-81f1-4a2b-8c2b-0f51ed0bd9fc
» List Okta MFA MethodsThis endpoint lists Okta MFA methods that are visible in the current namespace or in parent namespaces.
Method Path LIST
/identity/mfa/method/okta
» Sample Request$ curl \
--header "X-Vault-Token: ..." \
--request LIST \
http://127.0.0.1:8200/v1/identity/mfa/method/okta
$ curl \
--header "X-Vault-Token: ..." \
--request LIST \
http://127.0.0.1:8200/v1/identity/mfa/method/okta
» Sample Response{
"data" : {
"keys" : [
"1db034b5-81f1-4a2b-8c2b-0f51ed0bd9fc"
]
}
}
{
"data" : {
"keys" : [
"1db034b5-81f1-4a2b-8c2b-0f51ed0bd9fc"
]
}
}