Factors API, Status ACTIVE vs ENROLLED

Hi all,

We try to utilize factors API, whose documentation is here, in order we be able to perform the reset of an MFA factor. The whole user journey in our application is the following:

  • We check in the enrolled factors for the user that wants to do so, using this endpoint
  • We present the factors the factors that the user is enrolled in a form
  • User selects one of the factors via and submits it.
  • Then we delete that factor for the user.

It’s not clear the status of a factor returned by the endpoint:


According to the documentation, this endpoint

Enumerates all of the enrolled Factors for the specified User

On the other hand if we see the valid values from the table here:

There is a specific status value called ENROLLED.

What’s the difference between ACTIVE and ENROLLED ?
Shouldn’t the API call we perform return only the factors whose status is ENROLLED ?

For instance we have this view from the Okta for a user:

Whereas, when we try to read the factors that the user is enrolled we get back two factors

  • email
  • webauthn

and their status is ACTIVE, not ENROLLED.

Thank you for reaching out here on the Okta Developer Forum. We noticed that your question is more closely related to the Factors API. To ensure you receive the most accurate and timely assistance, we recommend reposting your query on Okta’s Community at: Okta Help Center (Lightning)

Okta’s teams on the Community are better equipped to provide the comprehensive support and guidance you need as they have the specialised knowledge and expertise in Factors API.

We appreciate your understanding and are committed to ensuring you receive the best possible support. If you have any other questions or issues related to Okta’s developer tools and API’s, feel free to post them here, and we’ll be happy to assist!

1 Like