The Okta Authentication API provides operations to authenticate users, perform multifactor enrollment and verification, recover forgotten passwords, and unlock accounts. It can be used as a standalone API to provide the identity layer on top of your existing application, or it can be integrated with the Okta Sessions API to obtain an Okta session cookie and access apps within Okta.

The API is targeted for developers who want to build their own end-to-end login experience to replace the built-in Okta login experience and addresses the following key scenarios:

- Primary authentication allows you to verify username and password credentials for a user.
- Multifactor authentication (MFA) strengthens the security of password-based authentication by requiring additional verification of another Factor such as a temporary one-time passcode or an SMS passcode. The Authentication API supports user enrollment with MFA factors enabled by the administrator, as well as MFA challenges based on your global session policy.
- Recovery allows users to securely reset their password if they've forgotten it, or unlock their account if it has been locked out due to excessive failed login attempts. This functionality is subject to the security policy set by the administrator.

The behavior of the Okta Authentication API varies depending on the type of your application and your org's security policies such as the global session policy, the MFA Enrollment Policy, or the Password Policy.

Note: Policy evaluation is conditional on the client request context such as IP address.

Note: In Identity Engine, the Multifactor (MFA) Enrollment Policy name has changed to authenticator enrollment policy.

Public application

A public application is an application that anonymously starts an authentication or recovery transaction without an API token, such as the Okta Sign-In Widget. Public applications are aggressively rate-limited to prevent abuse and require primary authentication to be successfully completed before releasing any metadata about a user.

Trusted applications are backend applications that act as an authentication broker or login portal for your Okta organization and may start an authentication or recovery transaction with an administrator API token. Trusted apps may implement their own recovery flows and primary authentication process and may receive additional metadata about the user before primary authentication has successfully completed.

Note: Trusted web applications may need to override the client request context to forward the originating client context for the user.

Check out the Okta Sign-In Widget which is built on the Authentication API. The Sign-In Widget is easier to use and supports basic use cases. For more advanced use cases, learn the Okta API basics.

Authentication operations

Primary authentication

Every authentication transaction starts with primary authentication which validates a user's primary password credential. Password Policy, MFA Policy, and Sign-On Policy are evaluated during primary authentication to determine if the user's password is expired, a Factor should be enrolled, or additional verification is required. The transaction state of the response depends on the user's status, group memberships and assigned policies.

Note: In Identity Engine, the MFA Enrollment Policy name has changed to authenticator enrollment policy.
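How a login page can act on the transaction state that primary authentication returns, as an added example that is not part of the original page or Okta's own code. The field names (`status`, `stateToken`, `sessionToken`, `expiresAt`) and status values are those of the Okta Authentication API response and are not listed on this page; the action names and the sample responses are constructed for illustration.

```python
from datetime import datetime, timezone

# Policy-driven states -> next step (action names are hypothetical).
NEXT_STEP = {
    "PASSWORD_EXPIRED": "change_password",  # password is expired
    "MFA_ENROLL": "enroll_factor",          # a Factor should be enrolled
    "MFA_REQUIRED": "verify_factor",        # additional verification required
}

def next_step(resp, now=None):
    """Map a parsed primary-authentication response to the next step.

    Fails closed: a malformed, expired or unrecognised transaction is
    'deny', so an unfamiliar status can never sign a user in.
    """
    now = now or datetime.now(timezone.utc)
    try:
        expiry = datetime.fromisoformat(resp["expiresAt"].replace("Z", "+00:00"))
        if expiry <= now:
            return "deny"
    except (KeyError, AttributeError, TypeError, ValueError):
        return "deny"
    status = resp.get("status")
    if status == "SUCCESS":
        # Only SUCCESS with a session token counts as authenticated.
        return "create_session" if resp.get("sessionToken") else "deny"
    if status in NEXT_STEP and resp.get("stateToken") and "sessionToken" not in resp:
        # Intermediate states carry a state token, never a session token.
        return NEXT_STEP[status]
    return "deny"

# Constructed sample responses; token values are placeholders.
FUTURE, PAST = "2099-01-01T00:00:00.000Z", "2000-01-01T00:00:00.000Z"
SAMPLES = {
    "success": {"status": "SUCCESS", "expiresAt": FUTURE, "sessionToken": "PLACEHOLDER"},
    "no_session": {"status": "SUCCESS", "expiresAt": FUTURE},
    "mfa": {"status": "MFA_REQUIRED", "expiresAt": FUTURE, "stateToken": "PLACEHOLDER"},
    "pw_expired": {"status": "PASSWORD_EXPIRED", "expiresAt": FUTURE, "stateToken": "PLACEHOLDER"},
    "stale": {"status": "MFA_ENROLL", "expiresAt": PAST, "stateToken": "PLACEHOLDER"},
    "unknown": {"status": "NOT_A_KNOWN_STATE", "expiresAt": FUTURE, "stateToken": "PLACEHOLDER"},
}

if __name__ == "__main__":
    for name, resp in SAMPLES.items():
        print(f"{name:12} -> {next_step(resp)}")
```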