Vault
okta
Create okta MFA method
This endpoint creates a new MFA method of type Okta.
| Method | Path |
|---|---|
POST | /identity/mfa/method/okta |
Parameters
method_name(string)- The unique name identifier for this MFA method. Supported from Vault 1.13.0.username_format(string)- A format string for mapping Identity names to MFA method names. Values to substitute should be placed in{{}}. For example,"{{identity.entity.name}}@example.com". If blank, the Entity's Name field is used as-is.org_name(string: <required>)- Name of the organization to be used in the Okta API.api_token(string: <required>)- Okta API key.base_url(string)- If set, will be used as the base domain for API requests. Examples are okta.com, oktapreview.com, and okta-emea.com.primary_email(bool: false)- If set, the username will only match the primary email for the account.
Sample payload
{
"username_format": "{{identity.entity.aliases.auth_userpass_1793464a.name}}",
"org_name": "dev-262778",
"api_token": "0081u7KrReNkzmABZJAP2oDyIXccveqx9vIOEyCZDC"
}
Sample request
$ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
http://127.0.0.1:8200/v1/identity/mfa/method/okta
Sample response
{
"data": {
"method_id": "0888fd69-4ea2-91d7-415e-c4bba548529b"
}
}
Update okta MFA method
This endpoint updates the configuration of an MFA method of type Okta.
| Method | Path |
|---|---|
POST | /identity/mfa/method/okta/:method_id |
Parameters
method_id(string: <required>)- UUID of the MFA method.and all of the parameters documented under the preceding "Create" endpoint.
Sample payload
Identical to the preceding "Create" endpoint.
Sample request
$ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
http://127.0.0.1:8200/v1/identity/mfa/method/okta/1db034b5-81f1-4a2b-8c2b-0f51ed0bd9fc
Read okta MFA method
This endpoint queries the MFA configuration of Okta type for a given method name.
| Method | Path |
|---|---|
GET | /identity/mfa/method/okta/:method_id |
Parameters
method_id(string: <required>)– UUID of the MFA method.
Sample request
$ curl \
--header "X-Vault-Token: ..." \
--request GET \
http://127.0.0.1:8200/v1/identity/mfa/method/okta/1db034b5-81f1-4a2b-8c2b-0f51ed0bd9fc
Sample response
{
"data": {
"api_token": "0081u7KrReNkzmABZJAP2oDyIXccveqx9vIOEyCZDC",
"id": "1db034b5-81f1-4a2b-8c2b-0f51ed0bd9fc",
"name": "my_okta",
"org_name": "dev-262778",
"type": "okta",
"username_format": "{{identity.entity.aliases.auth_userpass_1793464a.name}}"
}
}
Delete okta MFA method
This endpoint deletes a Okta MFA method. The MFA methods can only be deleted if they're not currently in use by a login enforcement.
| Method | Path |
|---|---|
DELETE | /identity/mfa/method/okta/:method_id |
Parameters
method_id(string: <required>)- UUID of the MFA method.
Sample request
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
http://127.0.0.1:8200/v1/identity/mfa/method/okta/1db034b5-81f1-4a2b-8c2b-0f51ed0bd9fc
List okta MFA methods
This endpoint lists Okta MFA methods that are visible in the current namespace or in parent namespaces.
| Method | Path |
|---|---|
LIST | /identity/mfa/method/okta |
Sample request
$ curl \
--header "X-Vault-Token: ..." \
--request LIST \
http://127.0.0.1:8200/v1/identity/mfa/method/okta
Sample response
{
"data": {
"keys": [
"1db034b5-81f1-4a2b-8c2b-0f51ed0bd9fc"
]
}
}