Enroll and auto-activate Okta Email Factor

ank_gupta · January 9, 2023, 12:48pm

Hi,

I am trying to use Enroll and auto-activate Okta Email Factor API. My end goal is to avoid the verification email being sent to user and just allow a user to directly receive code on their email.

Request : https://okta-domain/api/v1/users/{user-details}/factors?activate=true
Request Body : {
“factorType”: “email”,
“provider”: “OKTA”,
“profile”: {
“email”: “test@gmail.com”
}
}

When I tried using the API got the below error in response:

{
“errorCode”: “E0000001”,
“errorSummary”: “Api validation failed: factorEnrollRequest”,
“errorLink”: “E0000001”,
“errorId”: “oae7oZ1xyRmSZaTB8aOC-fzIg”,
“errorCauses”: [
{
“errorSummary”: “A factor of this type is already set up.”
}
]
}

Please let me know if anyone can suggest something.

Thanks

louie · January 9, 2023, 5:01pm

Hi @ank_gupta. Is your org using Okta Classic or Okta Identity Engine?

ank_gupta · January 10, 2023, 7:26am

OKTA Identity Engine

louie · January 10, 2023, 2:10pm

The email authenticator is auto-enrolled for both authentication and recovery flows when a user verifies their primary email address or if you provide it during user creation. This ensures that the user doesn’t receive redundant email enrollment challenges if they already proved they own the email address (self-service registration) or if they don’t need to prove they own the email address (admin-created users).

ank_gupta · January 10, 2023, 3:34pm

Hey Louie,

Is there a way to skip the email verification step in OKTA ? Like we enroll the email and user just get the code on email without veriffying the email address ?

Inter0701 · January 29, 2024, 11:37pm

Hi Louie,

My org is Okta identity Engine. But the email authenticator is still auto-enrolled even it’s optional for a new user created with api (with password and activated with creation). It’s normal ?

Thanks for your return.

Inter