HashiConf 2025 Don't miss the live stream of HashiConf Day 2 happening now View live stream
Vault
Vault Home

You are viewing documentation for version v1.11.x. View latest version.

okta

Configure okta MFA method

This endpoint defines an MFA method of type Okta.

MethodPath
POST/identity/mfa/method/okta/:id

Parameters

  • id (string: "") - Optional UUID to specify if updating an existing method.

  • username_format (string) - A format string for mapping Identity names to MFA method names. Values to substitute should be placed in {{}}. For example, "{{identity.entity.name}}@example.com". If blank, the Entity's Name field is used as-is.

  • org_name (string: <required>) - Name of the organization to be used in the Okta API.

  • api_token (string: <required>) - Okta API key.

  • base_url (string) - If set, will be used as the base domain for API requests. Examples are okta.com, oktapreview.com, and okta-emea.com.

  • primary_email (bool: false) - If set, the username will only match the primary email for the account.

Sample payload

{
  "username_format": "{{identity.entity.aliases.auth_userpass_1793464a.name}}",
  "org_name": "dev-262778",
  "api_token": "0081u7KrReNkzmABZJAP2oDyIXccveqx9vIOEyCZDC"
}

Sample request

$ curl \
    --header "X-Vault-Token: ..." \
    --request POST \
    --data @payload.json \
    http://127.0.0.1:8200/v1/identity/mfa/method/okta

$ curl \
    --header "X-Vault-Token: ..." \
    --request POST \
    --data @payload.json \
    http://127.0.0.1:8200/v1/identity/mfa/method/okta/1db034b5-81f1-4a2b-8c2b-0f51ed0bd9fc

Read okta MFA method

This endpoint queries the MFA configuration of Okta type for a given method name.

MethodPath
GET/identity/mfa/method/okta/:id

Parameters

  • id (string: <required>) – UUID of the MFA method.

Sample request

$ curl \
    --header "X-Vault-Token: ..." \
    --request GET \
    http://127.0.0.1:8200/v1/identity/mfa/method/okta/1db034b5-81f1-4a2b-8c2b-0f51ed0bd9fc

Sample response

{
  "data": {
    "api_token": "0081u7KrReNkzmABZJAP2oDyIXccveqx9vIOEyCZDC",
    "id": "1db034b5-81f1-4a2b-8c2b-0f51ed0bd9fc",
    "name": "my_okta",
    "org_name": "dev-262778",
    "type": "okta",
    "username_format": "{{identity.entity.aliases.auth_userpass_1793464a.name}}"
  }
}

Delete okta MFA method

This endpoint deletes a Okta MFA method. The MFA methods can only be deleted if they're not currently in use by a login enforcement.

MethodPath
DELETE/identity/mfa/method/okta/:id

Parameters

  • id (string: <required>) - UUID of the MFA method.

Sample request

$ curl \
    --header "X-Vault-Token: ..." \
    --request DELETE \
    http://127.0.0.1:8200/v1/identity/mfa/method/okta/1db034b5-81f1-4a2b-8c2b-0f51ed0bd9fc

List okta MFA methods

This endpoint lists Okta MFA methods that are visible in the current namespace or in parent namespaces.

MethodPath
LIST/identity/mfa/method/okta

Sample request

$ curl \
    --header "X-Vault-Token: ..." \
    --request LIST \
    http://127.0.0.1:8200/v1/identity/mfa/method/okta

Sample response

{
  "data": {
    "keys": [
      "1db034b5-81f1-4a2b-8c2b-0f51ed0bd9fc"
    ]
  }
}
Edit this page on GitHub