We are looking to integrate with a 3rd party service to check the risk score. The flow should be like, user enters the username and password, on successful authentication, a 3rd party API will be called to calculate the risk score. If result is to challenge the user then MFA will come on screen, if the result is successful then user will be logged in without MFA.
Is this achievable in Okta? Please suggest.
Thank you for writing in Dev Forum. My name is Akash from Okta.
For your use case, you can make use of the Primary Authentication API that allows you to validates user’s primary password credential such as username and password. The MFA will be evaluated during the Primary Authentication. You will require the user to be enrolled to a Factor in order for the user to be prompted with the MFA. Learn more - Authentication | Okta Developer
You can create a Global Policy for a certain group and a Rule for the same where you can set a policy to ask the MFA for a user by setting it as Required. To learn more, refer to this documentation - Configure a global session policy and authentication policies | Okta Developer
Let me know if you have any other queries.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.