we would like to implement a simple authentication policy where users from some ip ranges will have access to login to okta just by answering to their secret question. we have done that using native okta screens. but we would like to implement that using rest api. we did successfully received sessionToken, but couldnt figure out how to start a sso session for the user to access other apps. we have tried a couple of suggested alternatives. can you please guide us how?
code flow is like
1 /api/v1/authn
if ok, get mfaFactorId
2 /api/v1/authn/factors/{mfaFactorId}/verify
if ok, get statetoken
3 /api/v1/authn/factors/{mfaFactorId}/verify
send statetoken and answer to security question
get sessiontoken
4 /api/v1/sessions
get set-cookie and set prior to redirect to an okta integrated app
thanks in advance