The Okta Authentication API provides operations to authenticate users, perform multifactor enrollment and verification, recover forgotten passwords, and unlock accounts. It can be used as a standalone API to provide the identity layer on top of your existing application, or it can be integrated with the Okta Sessions API to obtain an Okta session cookie and access apps within Okta.

The API is targeted for developers who want to build their own end-to-end login experience to replace the built-in Okta login experience and addresses the following key scenarios:

- Primary authentication allows you to verify username and password credentials for a user.
- Multifactor authentication (MFA) strengthens the security of password-based authentication by requiring additional verification of another Factor such as a temporary one-time passcode or an SMS passcode. The Authentication API supports user enrollment with MFA factors enabled by the administrator, as well as MFA challenges based on your global session policy.
- Recovery allows users to securely reset their password if they've forgotten it, or unlock their account if it has been locked out due to excessive failed login attempts. This functionality is subject to the security policy set by the administrator.

The behavior of the Okta Authentication API varies depending on the type of your application and your org's security policies such as the global session policy, the MFA Enrollment Policy, or the Password Policy.

Note: Policy evaluation is conditional on the client request context such as IP address.

Note: In Identity Engine, the Multifactor (MFA) Enrollment Policy name has changed to authenticator enrollment policy.

Public application

A public application is an application that anonymously starts an authentication or recovery transaction without an API token, such as the Okta Sign-In Widget. Public applications are aggressively rate-limited to prevent abuse and require primary authentication to be successfully completed before releasing any metadata about a user.

Trusted applications are backend applications that act as authentication broker or login portal for your Okta organization and may start an authentication or recovery transaction with an administrator API token. Trusted apps may implement their own recovery flows and primary authentication process and may receive additional metadata about the user before primary authentication has successfully completed.

Note: Trusted web applications may need to override the client request context to forward the originating client context for the user.

Check out the Okta Sign-In Widget which is built on the Authentication API. The Sign-In Widget is easier to use and supports basic use cases. For more advanced use cases, learn the Okta API basics.

Note: Some of the curl code examples on this page include SSWS API token authentication. However, Okta recommends using scoped OAuth 2.0 and OIDC access tokens to authenticate with Okta management APIs. OAuth 2.0 and OIDC access tokens provide fine-grain control over the bearer's actions on specific endpoints.

Authentication operations

Primary authentication

Every authentication transaction starts with primary authentication which validates a user's primary password credential.
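
The public and trusted application types described above differ in what the caller attaches to a primary authentication request. The sketch below is an added example, not code from Okta's documentation; it assumes the `/api/v1/authn` endpoint, the `SSWS` authorization scheme and the `X-Forwarded-For` header for forwarding client context, and uses a placeholder org URL and token.

```python
import ipaddress
import json

AUTHN_PATH = "/api/v1/authn"  # assumed primary-authentication endpoint


def build_primary_authn_request(org_url, username, password,
                                api_token=None, client_ip=None):
    """Describe (but do not send) a primary authentication request.

    Public application:  api_token is None, so no client context is forwarded.
    Trusted application: api_token is set, and the originating client's IP
    may be forwarded so policy is evaluated against the real user context.
    """
    if not org_url.startswith("https://"):
        raise ValueError("org_url must use https: the body carries a password")

    headers = {"Accept": "application/json",
               "Content-Type": "application/json"}

    if api_token is None:
        if client_ip is not None:
            # Forwarded context only makes sense from a token-bearing caller.
            raise ValueError("client_ip requires a trusted application token")
    else:
        headers["Authorization"] = "SSWS " + api_token
        if client_ip is not None:
            # Parse strictly: never relay a raw inbound header value, which
            # could contain several addresses or arbitrary text.
            headers["X-Forwarded-For"] = str(ipaddress.ip_address(client_ip))

    body = json.dumps({"username": username, "password": password})
    return {"method": "POST",
            "url": org_url.rstrip("/") + AUTHN_PATH,
            "headers": headers,
            "body": body}


if __name__ == "__main__":
    # Constructed sample values: placeholder org, token and documentation IP.
    req = build_primary_authn_request(
        "https://example.okta.com", "user@example.com", "constructed-password",
        api_token="PLACEHOLDER_API_TOKEN", client_ip="203.0.113.7")
    safe = dict(req["headers"], Authorization="SSWS <redacted>")
    print(req["method"], req["url"])
    print(json.dumps(safe, indent=2))  # never log the token or the body
```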