Skip optional MFA via API

dcao · October 22, 2019, 11:15pm

In my Okta Org, I have setup the MFA as optional. So, when I call the Primary Authentication API, in the response I got back, the state is “MF_ENROLL” and “enrollment”: “OPTIONAL” as following. Now I want to skip the setup. What API should I call? I tried /api/v1/authn/skip. But it just returns back the same state.

“factors”: [
{
“factorType”: “token:software:totp”,
“provider”: “GOOGLE”,
“vendorName”: “GOOGLE”,
“_links”: {
“enroll”: {
“href”: “https://dev-nnnnn.oktapreview.com/api/v1/authn/factors”,
“hints”: {
“allow”: [
“POST”
]
}
}
},
“status”: “NOT_SETUP”,
“enrollment”: “OPTIONAL”
}
]

dragos · October 23, 2019, 3:05am

Hi @dcao

Can you please check if the user is enrolled in at least one MFA before skipping the transaction state?

dcao · October 23, 2019, 7:37pm

Right now, I only have one MFA - Google Authenticator and I make it optional. I was trying to skip it since it is optional. So, you are saying that I can only skip the second one, not the first one?

Thanks!

dragos · October 24, 2019, 3:07am

Hi @dcao

Yes, that is correct. As mentioned here, you can skip the enrollment once the user has enrolled in at least one MFA.

troymartinfcsa · January 2, 2020, 8:45pm

All of our MFA methods are set to optional, policy requires one to be used so we are getting MFA_Enroll. After the user enrolls in one of the options we are getting a 403 trying to skip. Are there any other settings that need to be enabled? The skip call is being made with an api token.

Thanks

dragos · January 3, 2020, 4:06am

Hi @troymartinfcsa

What is the error message returned by Okta in the response for the 403 error?

troymartinfcsa · January 3, 2020, 5:49pm

Meant to post this morning that we figured out what the issue was by watching the calls the okta sign in widget is making and have it working. We were not using the correct activation call for the factor. Once we used api/v1/authn/factors/{factorId}/lifecycle/activate we could skip enrolling in other factors.

Thanks