--- layout: api page_title: /identity/mfa/method/okta - HTTP API description: >- The '/identity/mfa/method/okta' endpoint focuses on managing Okta MFA behaviors in Vault. --- ## Configure Okta MFA Method This endpoint defines an MFA method of type Okta. | Method | Path | | :----- |:--------------------------------| | `POST` | `/identity/mfa/method/okta/:id` | ### Parameters - `id` `(string: "")` - Optional UUID to specify if updating an existing method. - `mount_accessor` `(string: )` - The mount to tie this method to for use in automatic mappings. The mapping will use the Name field of Aliases associated with this mount as the username in the mapping. Note that this can be from the current namespace or a child namespace. - `username_template` `(string)` - A format string for mapping Identity names to MFA method names. Values to substitute should be placed in `{{}}`. For example, `"{{identity.entity.name}}@example.com"`. If blank, the Entity's Name field is used as-is. - `org_name` `(string: )` - Name of the organization to be used in the Okta API. - `api_token` `(string: )` - Okta API key. - `base_url` `(string)` - If set, will be used as the base domain for API requests. Examples are okta.com, oktapreview.com, and okta-emea.com. - `primary_email` `(bool: false)` - If set, the username will only match the primary email for the account. ### Sample Payload ```json { "mount_accessor": "auth_userpass_1793464a", "org_name": "dev-262778", "api_token": "0081u7KrReNkzmABZJAP2oDyIXccveqx9vIOEyCZDC" } ``` ### Sample Request ```shell-session $ curl \ --header "X-Vault-Token: ..." \ --request POST \ --data @payload.json \ http://127.0.0.1:8200/v1/identity/mfa/method/okta ``` ```shell-session $ curl \ --header "X-Vault-Token: ..." \ --request POST \ --data @payload.json \ http://127.0.0.1:8200/v1/identity/mfa/method/okta/1db034b5-81f1-4a2b-8c2b-0f51ed0bd9fc ``` ## Read Okta MFA Method This endpoint queries the MFA configuration of Okta type for a given method name. | Method | Path | | :----- |:--------------------------------| | `GET` | `/identity/mfa/method/okta/:id` | ### Parameters - `id` `(string: )` – UUID of the MFA method. ### Sample Request ```shell-session $ curl \ --header "X-Vault-Token: ..." \ --request GET \ http://127.0.0.1:8200/v1/identity/mfa/method/okta/1db034b5-81f1-4a2b-8c2b-0f51ed0bd9fc ``` ### Sample Response ```json { "data": { "api_token": "0081u7KrReNkzmABZJAP2oDyIXccveqx9vIOEyCZDC", "id": "1db034b5-81f1-4a2b-8c2b-0f51ed0bd9fc", "mount_accessor": "auth_userpass_1793464a", "name": "my_okta", "org_name": "dev-262778", "type": "okta", "username_template": "" } } ``` ## Delete Okta MFA Method This endpoint deletes a Okta MFA method. The MFA methods can only be deleted if they're not currently in use by a [login enforcement](/api/secret/identity/mfa/login-enforcement). | Method | Path | | :------- |:--------------------------------| | `DELETE` | `/identity/mfa/method/okta/:id` | ### Parameters - `id` `(string: )` - UUID of the MFA method. ### Sample Request ```shell-session $ curl \ --header "X-Vault-Token: ..." \ --request DELETE \ http://127.0.0.1:8200/v1/identity/mfa/method/okta/1db034b5-81f1-4a2b-8c2b-0f51ed0bd9fc ``` ## List Okta MFA Methods This endpoint lists Okta MFA methods that are visible in the current namespace or in parent namespaces. | Method | Path | |:-------|:----------------------------| | `LIST` | `/identity/mfa/method/okta` | ### Sample Request ```shell-session $ curl \ --header "X-Vault-Token: ..." \ --request LIST \ http://127.0.0.1:8200/v1/identity/mfa/method/okta ``` ### Sample Response ```json { "data": { "keys": [ "1db034b5-81f1-4a2b-8c2b-0f51ed0bd9fc" ] } } ```