Does Adaptive MFA "make sense" with a custom login widget?


If I use a custom login widget / API to login a user – am I still able to get value out of Adaptive MFA? I’m not entirely sure since much of the information (IP Address, User-Agent, etc…) won’t be present unless I’m missing something? (Which is often the case!) :slight_smile:

If you’re communicating directly with Okta (such as with a SPA), the ip address and user agent will automatically be passed to Okta from the browser. If you’re using a middleware app, like .NET or Spring Boot, you can use the standard x-forwarded-for header to pass along the user’s ip address (which comes in from the browser) over to Okta. Okta will use the ip address from that header if present to make it’s network-based decisions.

Hello - we are using custom authentication to validate user’s credential and now planning to implement adaptive MFA for 2nd factor. Interested to know the steps to implement this solution from server side (SpringBoot) to integrate with Okta’s adaptive MFA. Also how to register user using API and each login pass details (ip, device info) to adaptive MFA to get risk response to challenge the user or allow without challenge.

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.