--- layout: api page_title: /identity/mfa/method/okta - HTTP API description: >- The '/identity/mfa/method/okta' endpoint focuses on managing Okta MFA behaviors in Vault. --- ## Create okta MFA method This endpoint creates a new MFA method of type Okta. | Method | Path | |:-------|:----------------------------| | `POST` | `/identity/mfa/method/okta` | ### Parameters - `method_name` `(string)` - The unique name identifier for this MFA method. Supported from Vault 1.13.0. - `username_format` `(string)` - A format string for mapping Identity names to MFA method names. Values to substitute should be placed in `{{}}`. For example, `"{{identity.entity.name}}@example.com"`. If blank, the Entity's Name field is used as-is. - `org_name` `(string: )` - Name of the organization to be used in the Okta API. - `api_token` `(string: )` - Okta API key. - `base_url` `(string)` - If set, will be used as the base domain for API requests. Examples are okta.com, oktapreview.com, and okta-emea.com. - `primary_email` `(bool: false)` - If set, the username will only match the primary email for the account. ### Sample payload ```json { "username_format": "{{identity.entity.aliases.auth_userpass_1793464a.name}}", "org_name": "dev-262778", "api_token": "0081u7KrReNkzmABZJAP2oDyIXccveqx9vIOEyCZDC" } ``` ### Sample request ```shell-session $ curl \ --header "X-Vault-Token: ..." \ --request POST \ --data @payload.json \ http://127.0.0.1:8200/v1/identity/mfa/method/okta ``` ### Sample response ```json { "data": { "method_id": "0888fd69-4ea2-91d7-415e-c4bba548529b" } } ``` ## Update okta MFA method This endpoint updates the configuration of an MFA method of type Okta. | Method | Path | |:-------|:---------------------------------------| | `POST` | `/identity/mfa/method/okta/:method_id` | ### Parameters - `method_id` `(string: )` - UUID of the MFA method. - and all of the parameters documented under the preceding "Create" endpoint. ### Sample payload Identical to the preceding "Create" endpoint. ### Sample request ```shell-session $ curl \ --header "X-Vault-Token: ..." \ --request POST \ --data @payload.json \ http://127.0.0.1:8200/v1/identity/mfa/method/okta/1db034b5-81f1-4a2b-8c2b-0f51ed0bd9fc ``` ## Read okta MFA method This endpoint queries the MFA configuration of Okta type for a given method name. | Method | Path | |:-------|:---------------------------------------| | `GET` | `/identity/mfa/method/okta/:method_id` | ### Parameters - `method_id` `(string: )` – UUID of the MFA method. ### Sample request ```shell-session $ curl \ --header "X-Vault-Token: ..." \ --request GET \ http://127.0.0.1:8200/v1/identity/mfa/method/okta/1db034b5-81f1-4a2b-8c2b-0f51ed0bd9fc ``` ### Sample response ```json { "data": { "api_token": "0081u7KrReNkzmABZJAP2oDyIXccveqx9vIOEyCZDC", "id": "1db034b5-81f1-4a2b-8c2b-0f51ed0bd9fc", "name": "my_okta", "org_name": "dev-262778", "type": "okta", "username_format": "{{identity.entity.aliases.auth_userpass_1793464a.name}}" } } ``` ## Delete okta MFA method This endpoint deletes a Okta MFA method. The MFA methods can only be deleted if they're not currently in use by a [login enforcement](/vault/api-docs/secret/identity/mfa/login-enforcement). | Method | Path | |:---------|:---------------------------------------| | `DELETE` | `/identity/mfa/method/okta/:method_id` | ### Parameters - `method_id` `(string: )` - UUID of the MFA method. ### Sample request ```shell-session $ curl \ --header "X-Vault-Token: ..." \ --request DELETE \ http://127.0.0.1:8200/v1/identity/mfa/method/okta/1db034b5-81f1-4a2b-8c2b-0f51ed0bd9fc ``` ## List okta MFA methods This endpoint lists Okta MFA methods that are visible in the current namespace or in parent namespaces. | Method | Path | |:-------|:----------------------------| | `LIST` | `/identity/mfa/method/okta` | ### Sample request ```shell-session $ curl \ --header "X-Vault-Token: ..." \ --request LIST \ http://127.0.0.1:8200/v1/identity/mfa/method/okta ``` ### Sample response ```json { "data": { "keys": [ "1db034b5-81f1-4a2b-8c2b-0f51ed0bd9fc" ] } } ```