Master code option in MFA API?

Angus · June 29, 2017, 8:34pm

###Story

Angus logs in website with his username and password.
He sees the screen asking for code from Google Authenticator.
He unlocks the phone and opens Google Authenticator.
He finds out the Google Authenticator is not working and does not display the auth code for some reason.
Alternatively, he enters the master code he got when setting up 2FA.
He logs in successfully.

###Question
Does OKTA MFA API give the user a master code when user sign up for MFA?

mcguinness · June 30, 2017, 4:02pm

Google Authenticator is a standards-based implementation of TOTP. When enrolling the factor, a “shared secret” is generated by Okta and stored in Google Authenticator as part of the enrollment process (e.g. scanning QR code or manually creating a new entry). Okta asks you to complete a TOTP challenge as part of the enrollment process to make sure you the end-user has successfully configured their authenticator.

You can only obtain the “shared secret” during factor enrollment.

https://developer.okta.com/docs/api/resources/authn.html#enroll-google-authenticator-factor
https://developer.okta.com/docs/api/resources/factors.html#enroll-google-authenticator-factor

system · January 12, 2024, 7:05pm

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.