Manual Chapter : Overview: Okta MFA using Factors API
Applies To:Show Versions
- 17.1.0, 17.0.0, 16.1.3, 16.1.2, 16.1.1, 16.1.0
Overview: Okta MFA using Factors API
You can manage authorization and access to applications and resources using Okta MFA with Push, TOTP, and Yubikey factors using API-based integration for both standard and modern customization. End users can enroll multiple factors as desired while logging in. This example describes how to manually configure a Zero Trust Identity Aware Proxy using Okta MFA integrated in APM through Okta Factors API. You need to perform some administrative tasks in Okta and configure an application on the Okta administration dashboard for both identity and MFA access.
On APM, an Okta Connector defines Okta API parameters for the domain and API token. The Okta Connector also uses an HTTP Connector Transport for SSL and DNS settings. Then, you implement second factor authentication in an APM per-request policy by adding an Okta MFA agent to a subroutine. The agent specifies the place in the policy to trigger the MFA prompt and references the Okta Connector.
This use case does not require deployment of a separate RADIUS server. To implement Okta MFA with RADIUS authentication (without the use of Okta Factor API), Okta MFA see
Seamless OAuth with Okta and RADIUS MFA.