Skip optional MFA via API

In my Okta Org, I have setup the MFA as optional. So, when I call the Primary Authentication API, in the response I got back, the state is “MF_ENROLL” and “enrollment”: “OPTIONAL” as following. Now I want to skip the setup. What API should I call? I tried /api/v1/authn/skip. But it just returns back the same state.

“factors”: [
{
“factorType”: “token:software:totp”,
“provider”: “GOOGLE”,
“vendorName”: “GOOGLE”,
“_links”: {
“enroll”: {
“href”: “https://dev-nnnnn.oktapreview.com/api/v1/authn/factors”,
“hints”: {
“allow”: [
“POST”
]
}
}
},
“status”: “NOT_SETUP”,
“enrollment”: “OPTIONAL”
}
]

Hi @dcao

Can you please check if the user is enrolled in at least one MFA before skipping the transaction state?

Right now, I only have one MFA - Google Authenticator and I make it optional. I was trying to skip it since it is optional. So, you are saying that I can only skip the second one, not the first one?

Thanks!

Hi @dcao

Yes, that is correct. As mentioned here, you can skip the enrollment once the user has enrolled in at least one MFA.

All of our MFA methods are set to optional, policy requires one to be used so we are getting MFA_Enroll. After the user enrolls in one of the options we are getting a 403 trying to skip. Are there any other settings that need to be enabled? The skip call is being made with an api token.

Thanks

Hi @troymartinfcsa

What is the error message returned by Okta in the response for the 403 error?

Meant to post this morning that we figured out what the issue was by watching the calls the okta sign in widget is making and have it working. We were not using the correct activation call for the factor. Once we used api/v1/authn/factors/{factorId}/lifecycle/activate we could skip enrolling in other factors.

Thanks