supported_factors
Creates, updates, deletes, gets or lists a supported_factors resource.
Overview
| Name | supported_factors |
| Type | Resource |
| Id | okta.users.supported_factors |
Fields
The following fields are returned by SELECT queries:
- list_supported_factors
| Name | Datatype | Description |
|---|---|---|
_embedded | object | Embedded resources related to the factor |
_links | object | Specifies link relations (see Web Linking) available using the JSON Hypertext Application Language specification. This object is used for dynamic discovery of related resources and lifecycle operations. |
enrollment | string | Indicates if the factor is required for the specified user (example: OPTIONAL) |
factorType | string | Type of factor |
provider | string | |
status | string | Status of the factor (example: ACTIVE) |
vendorName | string | Name of the factor vendor. This is usually the same as the provider except for On-Prem MFA, which depends on admin settings. (example: OKTA) |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
list_supported_factors | select | subdomain | Lists all the supported factors that can be enrolled for the specified user that are included in the highest priority authenticator enrollment policy that applies to the user. Only factors that are REQUIRED or OPTIONAL in the highest priority authenticator enrollment policy can be returned.> Note: When admins use this endpoint for other users, the authenticator enrollment policy that's evaluated can vary depending on how client-specific conditions are configured in the rules of an authenticator enrollment policy. The client-specific conditions of the admin's client are used during policy evaluation instead of the client-specific conditions of the user. This can affect which authenticator enrollment policy is evaluated and which factors are returned. > > For example, an admin in Europe lists all supported factors for a user in North America. The network zone of the admin's client (in Europe) is used during policy evaluation instead of the network zone of the user (in North America). |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
subdomain | string | The domain of your organization. This can be a provided subdomain of an official okta domain (okta.com, oktapreview.com, etc) or one of your configured custom domains. (default: my-org) |
SELECT examples
- list_supported_factors
Lists all the supported factors that can be enrolled for the specified user that are included in the highest priority authenticator enrollment policy that applies to the user.
Only factors that are REQUIRED or OPTIONAL in the highest priority authenticator enrollment policy can be returned.
> Note: When admins use this endpoint for other users, the authenticator enrollment policy that's evaluated can vary depending on how client-specific conditions are configured in the rules of an authenticator enrollment policy. The client-specific conditions of the admin's client are used during policy evaluation instead of the client-specific conditions of the user. This can affect which authenticator enrollment policy is evaluated and which factors are returned.
>
> For example, an admin in Europe lists all supported factors for a user in North America. The network zone of the admin's client (in Europe) is used during policy evaluation instead of the network zone of the user (in North America).
SELECT
_embedded,
_links,
enrollment,
factorType,
provider,
status,
vendorName
FROM okta.users.supported_factors
WHERE subdomain = '{{ subdomain }}' -- required;