Question regarding custom MFA authenticator via an OIDC IdP


I’m trying to understand the design of the Okta Custom IdP factor for MFA configuration. When the custom IdP is chosen as a second factor to verify the user login, what information does Okta pass to the service that helps it determine which user it is validating?

For example, Microsoft sends an id_token_hint which can be used to get the username that we are verifying MFA for. How does this work in Okta?

An excerpt from the Microsoft docs outlines this. I couldn't find anything equivalent for Okta, or maybe I’m not understanding something correctly:

Microsoft Entra ID uses the OIDC implicit flow to communicate with the external identity provider. Using this flow, communication with the provider is done exclusively by using the provider’s authorization endpoint. To let the provider know the user for whom Microsoft Entra ID is making the request, Microsoft Entra ID passes a token in through the id_token_hint parameter.
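The following is an added illustration of the mechanism the Microsoft excerpt describes, not code from the original thread, from Okta, or from Microsoft. It models the custom MFA provider's side of an OIDC implicit-flow authorization request: it parses the request, verifies the id_token_hint and pulls the subject and username out of it. To keep the example runnable offline it signs and verifies the hint with an HS256 shared secret; a real provider would instead verify the primary IdP's signature against the issuer's published signing keys. The issuer, audience, secret, claims and request URL are all constructed for the example.

```python
"""Identify the user behind an OIDC implicit-flow MFA request via id_token_hint.

Constructed example: HS256 stands in for the asymmetric signature a real
primary IdP would use, and every identifier below is made up.
"""
import base64
import hashlib
import hmac
import json
import time
from urllib.parse import parse_qs, urlsplit

SHARED_SECRET = b"constructed-demo-secret-do-not-reuse"   # hypothetical
EXPECTED_ISSUER = "https://primary-idp.example"            # hypothetical
EXPECTED_AUDIENCE = "custom-mfa-provider"                   # hypothetical client_id


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_id_token_hint(claims: dict, secret: bytes = SHARED_SECRET) -> str:
    """Build an HS256 JWT; stands in for the hint the primary IdP would send."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    signing_input = f"{header}.{payload}".encode("ascii")
    sig = hmac.new(secret, signing_input, hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def verify_id_token_hint(token: str, secret: bytes = SHARED_SECRET, now=None) -> dict:
    """Check structure, algorithm, signature, issuer, audience and expiry."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("id_token_hint is not a compact JWT")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    # Pin the algorithm: never let the token choose 'none' or another alg.
    if header.get("alg") != "HS256":
        raise ValueError(f"unexpected alg {header.get('alg')!r}")
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode("ascii"),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("iss") != EXPECTED_ISSUER:
        raise ValueError("unexpected issuer")
    aud = claims.get("aud")
    if aud != EXPECTED_AUDIENCE and not (isinstance(aud, list) and EXPECTED_AUDIENCE in aud):
        raise ValueError("token not intended for this MFA provider")
    if claims.get("exp", 0) <= (now if now is not None else time.time()):
        raise ValueError("id_token_hint expired")
    if "sub" not in claims:
        raise ValueError("id_token_hint carries no subject")
    return claims


def parse_authorize_request(url: str, now=None) -> dict:
    """Parse the authorization request the primary IdP redirected the browser to."""
    qs = parse_qs(urlsplit(url).query)

    def one(name: str) -> str:
        vals = qs.get(name, [])
        if len(vals) != 1:            # duplicated parameters are a classic confusion vector
            raise ValueError(f"parameter {name!r} must appear exactly once")
        return vals[0]

    if "id_token" not in one("response_type").split():
        raise ValueError("implicit flow expects response_type containing id_token")
    if "openid" not in one("scope").split():
        raise ValueError("scope must include openid")
    claims = verify_id_token_hint(one("id_token_hint"), now=now)
    # The user to verify comes from the hint, not from anything user-controlled.
    return {
        "sub": claims["sub"],
        "preferred_username": claims.get("preferred_username"),
        "client_id": one("client_id"),
        "redirect_uri": one("redirect_uri"),
        "state": one("state"),
        "nonce": one("nonce"),
    }
```

The provider then runs its second-factor challenge for `sub` and, on success, returns its own id_token to `redirect_uri` carrying the same `nonce` and `state`, which is how the primary IdP ties the response back to the user it asked about.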

Hi @harisnametag,

We have a number of documents that describe our IdPs, depending on which one you use for the factor: Add an external Identity Provider | Okta Developer

If you look at the OIDC IdP there, you can see how it’s set up and what endpoints it requires, selecting between Authorization Code Flow or Implicit Flow. You can also use another type of IdP if you wish, such as a SAML 2.0 IdP, as outlined in our documentation: Custom IdP factor
