mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-18 21:21:06 +02:00
Code Issues Projects Releases Wiki Activity
vault/website/content/api-docs/secret/identity/mfa/okta.mdx
Anton Averchenkov f4f0412b6a
[docs] Convert titles to sentense case (#21426) 
* Convert documentation titles to sentense case

* Docker, Google, Foundry, Cloud proper case
2023-06-30 19:22:07 -04:00

175 lines
4.3 KiB
Plaintext
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
layout: api
page_title: /identity/mfa/method/okta - HTTP API
description: >-
The '/identity/mfa/method/okta' endpoint focuses on managing Okta MFA behaviors in Vault.
---
## Create okta MFA method
This endpoint creates a new MFA method of type Okta.
| Method | Path |
|:-------|:----------------------------|
| `POST` | `/identity/mfa/method/okta` |
### Parameters
- `method_name` `(string)` - The unique name identifier for this MFA method. Supported from Vault 1.13.0.
- `username_format` `(string)` - A format string for mapping Identity names to MFA method names. Values to substitute should be placed in `{{}}`. For example, `"{{identity.entity.name}}@example.com"`. If blank, the Entity's Name field is used as-is.
- `org_name` `(string: <required>)` - Name of the organization to be used in the Okta API.
- `api_token` `(string: <required>)` - Okta API key.
- `base_url` `(string)` - If set, will be used as the base domain for API requests. Examples are okta.com, oktapreview.com, and okta-emea.com.
- `primary_email` `(bool: false)` - If set, the username will only match the primary email for the account.
### Sample payload
```json
{
"username_format": "{{identity.entity.aliases.auth_userpass_1793464a.name}}",
"org_name": "dev-262778",
"api_token": "0081u7KrReNkzmABZJAP2oDyIXccveqx9vIOEyCZDC"
}
```
### Sample request
```shell-session
$ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
http://127.0.0.1:8200/v1/identity/mfa/method/okta
```
### Sample response
```json
{
"data": {
"method_id": "0888fd69-4ea2-91d7-415e-c4bba548529b"
}
}
```
## Update okta MFA method
This endpoint updates the configuration of an MFA method of type Okta.
| Method | Path |
|:-------|:---------------------------------------|
| `POST` | `/identity/mfa/method/okta/:method_id` |
### Parameters
- `method_id` `(string: <required>)` - UUID of the MFA method.
- and all of the parameters documented under the preceding "Create" endpoint.
### Sample payload
Identical to the preceding "Create" endpoint.
### Sample request
```shell-session
$ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
http://127.0.0.1:8200/v1/identity/mfa/method/okta/1db034b5-81f1-4a2b-8c2b-0f51ed0bd9fc
```
## Read okta MFA method
This endpoint queries the MFA configuration of Okta type for a given method
name.
| Method | Path |
|:-------|:---------------------------------------|
| `GET` | `/identity/mfa/method/okta/:method_id` |
### Parameters
- `method_id` `(string: <required>)` UUID of the MFA method.
### Sample request
```shell-session
$ curl \
--header "X-Vault-Token: ..." \
--request GET \
http://127.0.0.1:8200/v1/identity/mfa/method/okta/1db034b5-81f1-4a2b-8c2b-0f51ed0bd9fc
```
### Sample response
```json
{
"data": {
"api_token": "0081u7KrReNkzmABZJAP2oDyIXccveqx9vIOEyCZDC",
"id": "1db034b5-81f1-4a2b-8c2b-0f51ed0bd9fc",
"name": "my_okta",
"org_name": "dev-262778",
"type": "okta",
"username_format": "{{identity.entity.aliases.auth_userpass_1793464a.name}}"
}
}
```
## Delete okta MFA method
This endpoint deletes a Okta MFA method. The MFA methods can only be deleted if they're not currently in use
by a [login enforcement](/vault/api-docs/secret/identity/mfa/login-enforcement).
| Method | Path |
|:---------|:---------------------------------------|
| `DELETE` | `/identity/mfa/method/okta/:method_id` |
### Parameters
- `method_id` `(string: <required>)` - UUID of the MFA method.
### Sample request
```shell-session
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
http://127.0.0.1:8200/v1/identity/mfa/method/okta/1db034b5-81f1-4a2b-8c2b-0f51ed0bd9fc
```
## List okta MFA methods
This endpoint lists Okta MFA methods that are visible in the current namespace or in parent namespaces.
| Method | Path |
|:-------|:----------------------------|
| `LIST` | `/identity/mfa/method/okta` |
### Sample request
```shell-session
$ curl \
--header "X-Vault-Token: ..." \
--request LIST \
http://127.0.0.1:8200/v1/identity/mfa/method/okta
```
### Sample response
```json
{
"data": {
"keys": [
"1db034b5-81f1-4a2b-8c2b-0f51ed0bd9fc"
]
}
}
```
Reference in New Issue View Git Blame Copy Permalink