I am trying to use the Factors API to enroll different factors for my tenant. I have been successful with many of the factors, but am stuck on ‘Security Key or Built-in Authenticator’.
I am able to use Okta’s Settings page to enroll my device. When I make an API call to see my factors, the factor is listed as factorType: webauthn with provider: FIDO.
I can’t find that factorType anywhere in the Factors API.
Can someone please point me in the right direction?
I believe YubiKeys can be done by the API. If you explore the Postman collection (Factor’s lifecycle options), you can enroll the user by passing the body below:
Yes, YubiKeys can be done that way. But it also requires quite a bit of setup to use the YubiKey in that way. We may have 10k keys in use, and no one wants to plug all of them in, one at a time, to get them set up.
I’m sorry, but that is kind of the point of YubiKeys. You could try to contact Yubico to see if they offer a service to set them up for you, but it will also require them getting someone to plug in the YubiKeys one at a time to set them up.
You could allow your users to set up the YubiKeys themselves, which should help; however, there is no way to do this without plugging in each one.
Hi,
I have been trying to do the same, i.e. do WebAuthn enrollment using the Okta API. As per the WebAuthn documentation, the origin is verified. If the enrollment is done using something other than the Okta URL, did it work for you?
I am also trying to figure out how to enroll users in webauthn with the Factors API. There is little to no documentation about what to do with the response from the Factors API. The response I get is something like below. What do I do with it to enroll users in webauthn?
After you send the request to enroll the factor, you next need to activate it. See how the status in the response above shows the transaction is in the PENDING_ACTIVATION state.
You likely want to check out our Factors API doc to see how to finish activating this factor.
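
The origin check asked about earlier in this thread, as an added example (not part of any post and not Okta's code): under the WebAuthn specification the browser records the calling page's origin in `clientDataJSON`, and the relying party compares the type, challenge and origin before accepting a registration. The function names, origins and challenge value are constructed for illustration.

```javascript
// Relying-party side check of WebAuthn clientDataJSON during registration.
// Function names and all sample values are constructed for illustration.

// Decode the clientDataJSON bytes the browser returns with a new credential.
function parseClientData(bytes) {
  return JSON.parse(new TextDecoder("utf-8").decode(bytes));
}

// Return a list of reasons to reject; an empty list means the checks passed.
function checkRegistrationClientData(bytes, expected) {
  let cd;
  try {
    cd = parseClientData(bytes);
  } catch (e) {
    return ["clientDataJSON is not valid JSON"];
  }
  const problems = [];
  // Registration ceremonies must carry type "webauthn.create".
  if (cd.type !== "webauthn.create") problems.push("type is not webauthn.create");
  // The challenge must be the one the server issued for this enrollment.
  if (cd.challenge !== expected.challenge) problems.push("challenge mismatch");
  // The browser fills in origin itself; page script cannot choose it.
  if (!expected.allowedOrigins.includes(cd.origin)) {
    problems.push("origin not allowed: " + cd.origin);
  }
  return problems;
}

// Build the bytes a browser would produce on a page served from `origin`.
function sampleClientData(origin, challenge) {
  const cd = { type: "webauthn.create", challenge, origin, crossOrigin: false };
  return new TextEncoder().encode(JSON.stringify(cd));
}

// Constructed expectations: one issued challenge, one accepted origin.
const expected = {
  challenge: "Y29uc3RydWN0ZWQtY2hhbGxlbmdl",
  allowedOrigins: ["https://tenant.example.com"],
};
const fromTenant = sampleClientData("https://tenant.example.com", expected.challenge);
const fromOtherApp = sampleClientData("https://portal.example.org", expected.challenge);

console.log(checkRegistrationClientData(fromTenant, expected));
console.log(checkRegistrationClientData(fromOtherApp, expected));
```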