I am using the redirect model to have users log in via Okta. As part of the login process, the user enters login credentials and is asked for MFA. Once the user has successfully logged in and has an authenticated session, when I click on a button (a high-risk action) like approving access to a certain environment, I would like the user to be prompted with an MFA screen to verify his identity.
I am not sure how to invoke the MFA screen programmatically for a button click once the user has an authenticated session in the redirect model?
When you perform redirect authentication, you most likely will use the /authorize?... endpoint. If you want the end user to be challenged again, you can add the max_age=0 parameter to the authorize request, like /authorize?max_age=0&.... This will ignore the previous session and challenge again.
max_age: Allowable elapsed time, in seconds, since the last time the end user was actively authenticated by Okta.
Thanks Ram for the answer. But I don't want the user to enter the password again, as the user is in a valid session. The goal is to invoke the 2nd factor before they perform a high-risk action in our app, like, say, starting a new RDP session.
Also, is there a way to dynamically send the referral URL as part of the request, and have it returned by Okta when successful?
For example, there is HomePage, Page A, Page B.
The user clicks on the login button on the HomePage. The user is redirected to Okta, is successfully authenticated, and is redirected to Page A.
The user now goes to Page B and clicks on the button. Now we call the Okta authorize endpoint with max_age=0 to invoke the 2nd factor and want to pass a referrer URL where the request came from, so that the user is redirected to the referrer URL page once the 2nd factor is successful.
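
An added example, not part of any post in this thread: one way to carry the originating page through the max_age=0 authorize request is the standard OAuth `state` parameter, signed and checked against an allow-list so the return URL cannot be turned into an open redirect. The issuer, client ID, callback URL, allowed paths and all function names are assumptions; `auth_time` is the standard OIDC claim, read from an ID token whose signature has already been validated.

```python
import base64, hashlib, hmac, json, secrets, time
from urllib.parse import urlencode

# Assumed values, not from the thread: replace with your org's settings.
ISSUER = "https://example.okta.com/oauth2/default"
CLIENT_ID = "0oa_example_client_id"
REDIRECT_URI = "https://app.example.com/callback"
ALLOWED_RETURN_PATHS = {"/page-a", "/page-b"}  # constructed allow-list
STATE_KEY = secrets.token_bytes(32)            # server-side signing key

def _sign(payload: str, session_id: str) -> bytes:
    # Binding the MAC to the session stops a state value being replayed elsewhere.
    msg = f"{payload}|{session_id}".encode()
    return hmac.new(STATE_KEY, msg, hashlib.sha256).hexdigest().encode()

def build_step_up_url(return_path: str, session_id: str) -> str:
    """Authorize URL with max_age=0; the return path travels inside signed state."""
    if return_path not in ALLOWED_RETURN_PATHS:
        raise ValueError("return path not on the allow-list")
    body = json.dumps({"r": return_path, "n": secrets.token_hex(8)}).encode()
    payload = base64.urlsafe_b64encode(body).decode()
    params = {
        "client_id": CLIENT_ID, "response_type": "code", "scope": "openid",
        "redirect_uri": REDIRECT_URI, "max_age": "0",
        "nonce": secrets.token_urlsafe(16),  # store it to compare with the ID token
        "state": f"{payload}.{_sign(payload, session_id).decode()}",
    }
    return f"{ISSUER}/v1/authorize?{urlencode(params)}"

def return_path_from_state(state: str, session_id: str) -> str:
    """On the callback: verify state, then return the path to send the user to."""
    payload, _, sig = state.rpartition(".")
    if not hmac.compare_digest(sig.encode(), _sign(payload, session_id)):
        raise ValueError("state failed verification")
    path = json.loads(base64.urlsafe_b64decode(payload))["r"]
    if path not in ALLOWED_RETURN_PATHS:
        raise ValueError("return path not on the allow-list")
    return path

def step_up_is_fresh(claims: dict, max_age_s: int = 120, now=None) -> bool:
    """Gate the high-risk action on a recent auth_time in the validated ID token."""
    now = time.time() if now is None else now
    auth_time = claims.get("auth_time")
    return isinstance(auth_time, int) and 0 <= now - auth_time <= max_age_s
```

The server should refuse the high-risk action unless `step_up_is_fresh` passes, since a client can strip `max_age=0` from the request before it reaches the authorization server.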