Skip to main content

enrollments

Creates, updates, deletes, gets or lists an enrollments resource.

Overview

Nameenrollments
TypeResource
Idokta.webauthn_registration.enrollments

Fields

The following fields are returned by SELECT queries:

NameDatatypeDescription
idstringID of the factor
_linksobjectSpecifies link relations (see Web Linking) available using the JSON Hypertext Application Language specification. This object is used for dynamic discovery of related resources and lifecycle operations.
createdstring (date-time)Timestamp indicating when the factor was enrolled
factorTypestringType of factor
lastUpdatedstring (date-time)Timestamp indicating when the factor was last updated
profileobjectSpecific attributes related to the factor
providerstring
statusstringStatus of the factor (example: ACTIVE)
vendorNamestringName of the factor vendor. This is usually the same as the provider. (example: OKTA)

Methods

The following methods are available for this resource:

NameAccessible byRequired ParamsOptional ParamsDescription
list_web_authn_preregistration_factorsselectsubdomainLists all WebAuthn preregistration factors for the specified user
delete_web_authn_preregistration_factordeletesubdomainDeletes a specific WebAuthn preregistration factor for a user
activate_preregistration_enrollmentexecsubdomainActivates a preregistered WebAuthn factor. As part of this operation, Okta first decrypts and verifies the factor PIN and enrollment data sent by the fulfillment provider.
enroll_preregistration_enrollmentexecsubdomainEnrolls a preregistered WebAuthn factor. This WebAuthn factor has a longer challenge timeout period to accommodate the fulfillment request process. As part of this operation, Okta generates elliptic curve (EC) key-pairs used to encrypt the factor PIN and enrollment data sent by the fulfillment provider.
generate_fulfillment_requestexecsubdomainGenerates a fulfillment request by sending a WebAuthn preregistration event to start the flow. The WebAuthn preregistration integration for Okta Workflows uses a preregistration event to populate the fulfillment request.
send_pinexecsubdomainSends the decoded PIN for the specified WebAuthn preregistration enrollment. PINs are sent to the user's email. To resend the PIN, call this operation again.
assign_fulfillment_error_web_authn_preregistration_factorexecsubdomainAssigns the fulfillment error status to a WebAuthn preregistration factor for a user. The /mark-error path indicates that the specific FULFILLMENT_ERRORED AuthFactor status is set on the enrollment.

Parameters

Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.

NameDatatypeDescription
subdomainstringThe domain of your organization. This can be a provided subdomain of an official okta domain (okta.com, oktapreview.com, etc) or one of your configured custom domains. (default: my-org)

SELECT examples

Lists all WebAuthn preregistration factors for the specified user

SELECT
id,
_links,
created,
factorType,
lastUpdated,
profile,
provider,
status,
vendorName
FROM okta.webauthn_registration.enrollments
WHERE subdomain = '{{ subdomain }}' -- required;

DELETE examples

Deletes a specific WebAuthn preregistration factor for a user

DELETE FROM okta.webauthn_registration.enrollments
WHERE subdomain = '{{ subdomain }}' --required;

Lifecycle Methods

Activates a preregistered WebAuthn factor. As part of this operation, Okta first decrypts and verifies the factor PIN and enrollment data sent by the fulfillment provider.

EXEC okta.webauthn_registration.enrollments.activate_preregistration_enrollment 
@subdomain='{{ subdomain }}' --required 
@@json=
'{
"credResponses": "{{ credResponses }}", 
"fulfillmentProvider": "{{ fulfillmentProvider }}", 
"pinResponseJwe": "{{ pinResponseJwe }}", 
"serial": "{{ serial }}", 
"userId": "{{ userId }}", 
"version": "{{ version }}", 
"yubicoSigningJwks": "{{ yubicoSigningJwks }}"
}';