I have integrated Okta with .net Web Api. When the user provides username and password, I am calling Okta domain API for Authentication. Authentication is being successful, however, the Authentication Status is ‘MFA_REQUIRED’.
I have a user who registered for MFA with SMS Authentication. In the API call I am getting “factor” array with factor type as ‘sms’.
When authentication API is called from my application,
- Does okta sends SMS to the user’s mobile phone ?. OR
- Should I call one more Okta API to send the SMS ?
If we go by #1, then the user is not receiving any SMS. Please suggest how should I move forward with MFA verification.
P.S, During the authentication API call, in the response, factors array has phone number as “phoneNumber”: “+91 XXXXX X1234”. Is this the expected format from the response ?.