Update Factor updatePhone=true flag does not work

Hello,

We are trying to update a factor phone number via the factor api and it does not work. In documentation it states “If the user wants to use a different phone number (instead of the existing phone number) then the enroll API call needs to supply updatePhone option with true.”

This flag does not work and we get back a 400 stating “A factor of this type is already set up.”

curl -v -X POST \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "Authorization: SSWS ${api_token}" \
-d '{
  "factorType": "sms",
  "provider": "OKTA",
  "profile": {
    "phoneNumber": "+1-555-415-1337"
  }
}' "https://dev-****.oktapreview.com/api/v1/users/${userId}/factors?updatePhone=true"

Is there something I’m missing here?

https://developer.okta.com/docs/api/resources/factors.html#existing-phone

I think the documentation of the parameter doesn’t convey the nuances associated with it. You can’t update the phone number when there is currently a phone that has been activated. If you need to re-enroll, you need to start from scratch by deleting the phone/sms factor.

updatePhone can only be used before the factor is activated.

Hope this helps, I’m going to ping the team to update the documentation.

This is an old thread, but the documentation does not seem to have been updated. I have the same use case where I want to update the SMS number, but only if the new number is validated. Otherwise keep the existing number intact. This behavior is available in the Okta UI, but does not seem to work via the API.

I have the same requirement.
I tried the following process:

1. Get the Factors list from the user using GET FACTORS and extract the FactorID.
2. Delete the existing SMS FACTOR by using DELETE FACTOR. The FactorId has to be mentioned in the URL.
3. Then use the {{url}}/api/v1/authn/factors?updatePhone=true

This process helped me in deleting the activated SMS factor and enrolling the SMS as MFA with the updated mobile number.

Hope this helps.
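The decision the replies above describe (updatePhone=true only works before activation, an activated factor has to be deleted first), as an added example that is not part of the original thread or Okta's own code. It only builds the ordered list of requests from a factor list and sends nothing; the function name, sample factor IDs and the example.okta.com host are constructed for illustration, and the enroll step uses the /api/v1/users/{userId}/factors endpoint from the original question.

```python
import json

# Constructed sample of a GET /api/v1/users/{userId}/factors response (trimmed).
SAMPLE_FACTORS = json.loads("""[
  {"id": "pushEXAMPLE0001", "factorType": "push", "provider": "OKTA", "status": "ACTIVE"},
  {"id": "smsEXAMPLE0001", "factorType": "sms", "provider": "OKTA", "status": "ACTIVE",
   "profile": {"phoneNumber": "+15554150000"}}
]""")


def plan_sms_phone_change(base_url, user_id, factors, new_phone):
    """Return the ordered HTTP requests that move the user's SMS factor to new_phone."""
    factors_url = f"{base_url}/api/v1/users/{user_id}/factors"
    enroll_body = {"factorType": "sms", "provider": "OKTA",
                   "profile": {"phoneNumber": new_phone}}
    sms = next((f for f in factors
                if f.get("factorType") == "sms" and f.get("provider") == "OKTA"), None)

    if sms is None:
        # No SMS factor yet: a plain enroll is enough.
        return [{"method": "POST", "url": factors_url, "json": enroll_body}]

    if sms.get("status") == "PENDING_ACTIVATION":
        # Not activated yet: updatePhone=true swaps the number in place.
        return [{"method": "POST", "url": factors_url + "?updatePhone=true",
                 "json": enroll_body}]

    # Activated factor: enrolling again returns 400 "A factor of this type is
    # already set up.", so delete it first and then enroll the new number.
    # Between the DELETE and activation of the new factor the user has no SMS
    # factor, so run both steps in one job and alert if the second one fails.
    return [
        {"method": "DELETE", "url": f"{factors_url}/{sms['id']}", "json": None},
        {"method": "POST", "url": factors_url + "?updatePhone=true",
         "json": enroll_body},
    ]


if __name__ == "__main__":
    for step in plan_sms_phone_change("https://example.okta.com", "00uEXAMPLE",
                                      SAMPLE_FACTORS, "+1-555-415-1337"):
        print(step["method"], step["url"])
```

The enroll response carries the new factor's id, which is then activated with the passcode sent to the new number.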
