MFAConfiguration

Configure and test multifactor authentication (MFA) methods

All URIs are relative to https://sailpoint.api.identitynow.com/beta

Method	HTTP request	Description
Remove-BetaMFAConfig	DELETE `/mfa/{method}/delete`	Delete MFA method configuration
Get-BetaMFADuoConfig	GET `/mfa/duo-web/config`	Configuration of Duo MFA method
Get-BetaMFAKbaConfig	GET `/mfa/kba/config`	Configuration of KBA MFA method
Get-BetaMFAOktaConfig	GET `/mfa/okta-verify/config`	Configuration of Okta MFA method
Set-BetaMFADuoConfig	PUT `/mfa/duo-web/config`	Set Duo MFA configuration
Set-BetaMFAKBAConfig	POST `/mfa/kba/config/answers`	Set MFA KBA configuration
Set-BetaMFAOktaConfig	PUT `/mfa/okta-verify/config`	Set Okta MFA configuration
Test-BetaMFAConfig	GET `/mfa/{method}/test`	MFA method's test configuration

delete-mfa-config

This API removes the configuration for the specified MFA method.

API Spec

Parameters

Param Type	Name	Data Type	Required	Description
Path	Method	String	True	The name of the MFA method. The currently supported method names are 'okta-verify' and 'duo-web'.

Return type

MfaOktaConfig

Responses

Code	Description	Data Type
200	MFA configuration of an MFA method.	MfaOktaConfig
400	Client Error - Returned if the request body is invalid.	ErrorResponseDto
401	Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.	ListAccessModelMetadataAttribute401Response
403	Forbidden - Returned if the user you are running as, doesn't have access to this end-point.	ErrorResponseDto
429	Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.	ListAccessModelMetadataAttribute429Response
500	Internal Server Error - Returned if there is an unexpected error.	ErrorResponseDto

HTTP request headers

Content-Type: Not defined
Accept: application/json

Example

$Method = "okta-verify" # String | The name of the MFA method. The currently supported method names are 'okta-verify' and 'duo-web'.

# Delete MFA method configuration

try {
    Remove-BetaMFAConfig -Method $Method 
    
    # Below is a request that includes all optional parameters
    # Remove-BetaMFAConfig -Method $Method  
} catch {
    Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Remove-BetaMFAConfig"
    Write-Host $_.ErrorDetails
}

[Back to top]

get-mfa-duo-config

This API returns the configuration of an Duo MFA method.

API Spec

Parameters

Param Type	Name	Data Type	Required	Description

Return type

MfaDuoConfig

Responses

Code	Description	Data Type
200	The configuration of an Duo MFA method.	MfaDuoConfig
400	Client Error - Returned if the request body is invalid.	ErrorResponseDto
401	Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.	ListAccessModelMetadataAttribute401Response
403	Forbidden - Returned if the user you are running as, doesn't have access to this end-point.	ErrorResponseDto
429	Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.	ListAccessModelMetadataAttribute429Response
500	Internal Server Error - Returned if there is an unexpected error.	ErrorResponseDto

HTTP request headers

Content-Type: Not defined
Accept: application/json

Example

# Configuration of Duo MFA method

try {
    Get-BetaMFADuoConfig 
    
    # Below is a request that includes all optional parameters
    # Get-BetaMFADuoConfig  
} catch {
    Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Get-BetaMFADuoConfig"
    Write-Host $_.ErrorDetails
}

[Back to top]

get-mfa-kba-config

This API returns the KBA configuration for MFA.

API Spec

Parameters

Param Type	Name	Data Type	Required	Description
Query	AllLanguages	Boolean	(optional)	Indicator whether the question text should be returned in all configured languages * If true, the question text is returned in all languages that it is configured in. * If false, the question text is returned in the user locale if available, else for the default locale. * If not passed, it behaves the same way as passing this parameter as false

Return type

KbaQuestion[]

Responses

Code	Description	Data Type
200	The configuration for KBA MFA method.	KbaQuestion[]
400	Client Error - Returned if the request body is invalid.	ErrorResponseDto
401	Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.	ListAccessModelMetadataAttribute401Response
403	Forbidden - Returned if the user you are running as, doesn't have access to this end-point.	ErrorResponseDto
429	Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.	ListAccessModelMetadataAttribute429Response
500	Internal Server Error - Returned if there is an unexpected error.	ErrorResponseDto

HTTP request headers

Content-Type: Not defined
Accept: application/json

Example

$AllLanguages = $false # Boolean | Indicator whether the question text should be returned in all configured languages    * If true, the question text is returned in all languages that it is configured in.    * If false, the question text is returned in the user locale if available, else for the default locale.     * If not passed, it behaves the same way as passing this parameter as false (optional)

# Configuration of KBA MFA method

try {
    Get-BetaMFAKbaConfig 
    
    # Below is a request that includes all optional parameters
    # Get-BetaMFAKbaConfig -AllLanguages $AllLanguages  
} catch {
    Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Get-BetaMFAKbaConfig"
    Write-Host $_.ErrorDetails
}

[Back to top]

get-mfa-okta-config

This API returns the configuration of an Okta MFA method.

API Spec

Parameters

Param Type	Name	Data Type	Required	Description

Return type

MfaOktaConfig

Responses

Code	Description	Data Type
200	The configuration of an Okta MFA method.	MfaOktaConfig
400	Client Error - Returned if the request body is invalid.	ErrorResponseDto
401	Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.	ListAccessModelMetadataAttribute401Response
403	Forbidden - Returned if the user you are running as, doesn't have access to this end-point.	ErrorResponseDto
429	Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.	ListAccessModelMetadataAttribute429Response
500	Internal Server Error - Returned if there is an unexpected error.	ErrorResponseDto

HTTP request headers

Content-Type: Not defined
Accept: application/json

Example

# Configuration of Okta MFA method

try {
    Get-BetaMFAOktaConfig 
    
    # Below is a request that includes all optional parameters
    # Get-BetaMFAOktaConfig  
} catch {
    Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Get-BetaMFAOktaConfig"
    Write-Host $_.ErrorDetails
}

[Back to top]

set-mfa-duo-config

This API sets the configuration of an Duo MFA method.

API Spec

Parameters

Param Type	Name	Data Type	Required	Description
Body	MfaDuoConfig	MfaDuoConfig	True

Return type

MfaDuoConfig

Responses

Code	Description	Data Type
200	MFA configuration of an Duo MFA method.	MfaDuoConfig
400	Client Error - Returned if the request body is invalid.	ErrorResponseDto
401	Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.	ListAccessModelMetadataAttribute401Response
403	Forbidden - Returned if the user you are running as, doesn't have access to this end-point.	ErrorResponseDto
429	Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.	ListAccessModelMetadataAttribute429Response
500	Internal Server Error - Returned if there is an unexpected error.	ErrorResponseDto

HTTP request headers

Content-Type: application/json
Accept: application/json

Example

$MfaDuoConfig = @"{
  "accessKey" : "qw123Y3QlA5UqocYpdU3rEkzrK2D497y",
  "host" : "example.com",
  "configProperties" : {
    "skey" : "qwERttyZx1CdlQye2Vwtbsjr3HKddy4BAiCXjc5x",
    "ikey" : "Q123WE45R6TY7890ZXCV"
  },
  "mfaMethod" : "duo-web",
  "enabled" : true,
  "identityAttribute" : "email"
}"@

# Set Duo MFA configuration

try {
    $Result = ConvertFrom-JsonToMfaDuoConfig -Json $MfaDuoConfig
    Set-BetaMFADuoConfig -BetaMfaDuoConfig $Result 
    
    # Below is a request that includes all optional parameters
    # Set-BetaMFADuoConfig -BetaMfaDuoConfig $Result  
} catch {
    Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Set-BetaMFADuoConfig"
    Write-Host $_.ErrorDetails
}

[Back to top]

set-mfakba-config

This API sets answers to challenge questions. Any configured questions omitted from the request are removed from user KBA configuration.

API Spec

Parameters

Param Type	Name	Data Type	Required	Description
Body	KbaAnswerRequestItem	[]KbaAnswerRequestItem	True

Return type

KbaAnswerResponseItem[]

Responses

Code	Description	Data Type
200	The new KBA configuration for the user.	KbaAnswerResponseItem[]
400	Client Error - Returned if the request body is invalid.	ErrorResponseDto
401	Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.	ListAccessModelMetadataAttribute401Response
403	Forbidden - Returned if the user you are running as, doesn't have access to this end-point.	ErrorResponseDto
429	Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.	ListAccessModelMetadataAttribute429Response
500	Internal Server Error - Returned if there is an unexpected error.	ErrorResponseDto

HTTP request headers

Content-Type: application/json
Accept: application/json

Example

 $KbaAnswerRequestItem = @"{
  "answer" : "Your answer",
  "id" : "c54fee53-2d63-4fc5-9259-3e93b9994135"
}"@ # KbaAnswerRequestItem[] | 
 

# Set MFA KBA configuration

try {
    $Result = ConvertFrom-JsonToKbaAnswerRequestItem -Json $KbaAnswerRequestItem
    Set-BetaMFAKBAConfig -BetaKbaAnswerRequestItem $Result 
    
    # Below is a request that includes all optional parameters
    # Set-BetaMFAKBAConfig -BetaKbaAnswerRequestItem $Result  
} catch {
    Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Set-BetaMFAKBAConfig"
    Write-Host $_.ErrorDetails
}

[Back to top]

set-mfa-okta-config

This API sets the configuration of an Okta MFA method.

API Spec

Parameters

Param Type	Name	Data Type	Required	Description
Body	MfaOktaConfig	MfaOktaConfig	True

Return type

MfaOktaConfig

Responses

Code	Description	Data Type
200	MFA configuration of an Okta MFA method.	MfaOktaConfig
400	Client Error - Returned if the request body is invalid.	ErrorResponseDto
401	Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.	ListAccessModelMetadataAttribute401Response
403	Forbidden - Returned if the user you are running as, doesn't have access to this end-point.	ErrorResponseDto
429	Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.	ListAccessModelMetadataAttribute429Response
500	Internal Server Error - Returned if there is an unexpected error.	ErrorResponseDto

HTTP request headers

Content-Type: application/json
Accept: application/json

Example

$MfaOktaConfig = @"{
  "accessKey" : "qw123Y3QlA5UqocYpdU3rEkzrK2D497y",
  "host" : "example.com",
  "mfaMethod" : "okta-verify",
  "enabled" : true,
  "identityAttribute" : "email"
}"@

# Set Okta MFA configuration

try {
    $Result = ConvertFrom-JsonToMfaOktaConfig -Json $MfaOktaConfig
    Set-BetaMFAOktaConfig -BetaMfaOktaConfig $Result 
    
    # Below is a request that includes all optional parameters
    # Set-BetaMFAOktaConfig -BetaMfaOktaConfig $Result  
} catch {
    Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Set-BetaMFAOktaConfig"
    Write-Host $_.ErrorDetails
}

[Back to top]

test-mfa-config

This API validates that the configuration is valid and will properly authenticate with the MFA provider identified by the method path parameter.

API Spec

Parameters

Param Type	Name	Data Type	Required	Description
Path	Method	String	True	The name of the MFA method. The currently supported method names are 'okta-verify' and 'duo-web'.

Return type

MfaConfigTestResponse

Responses

Code	Description	Data Type
200	The result of configuration test for the MFA provider.	MfaConfigTestResponse
400	Client Error - Returned if the request body is invalid.	ErrorResponseDto
401	Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.	ListAccessModelMetadataAttribute401Response
403	Forbidden - Returned if the user you are running as, doesn't have access to this end-point.	ErrorResponseDto
429	Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.	ListAccessModelMetadataAttribute429Response
500	Internal Server Error - Returned if there is an unexpected error.	ErrorResponseDto

HTTP request headers

Content-Type: Not defined
Accept: application/json

Example

$Method = "okta-verify" # String | The name of the MFA method. The currently supported method names are 'okta-verify' and 'duo-web'.

# MFA method's test configuration

try {
    Test-BetaMFAConfig -Method $Method 
    
    # Below is a request that includes all optional parameters
    # Test-BetaMFAConfig -Method $Method  
} catch {
    Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Test-BetaMFAConfig"
    Write-Host $_.ErrorDetails
}

[Back to top]

delete-mfa-config​

Parameters​

Return type​

Responses​

HTTP request headers​

Example​

get-mfa-duo-config​

Parameters​

Return type​

Responses​

HTTP request headers​

Example​

get-mfa-kba-config​

Parameters​

Return type​

Responses​

HTTP request headers​

Example​

get-mfa-okta-config​

Parameters​

Return type​

Responses​

HTTP request headers​

Example​

set-mfa-duo-config​

Parameters​

Return type​

Responses​

HTTP request headers​

Example​

set-mfakba-config​

Parameters​

Return type​

Responses​

HTTP request headers​

Example​

set-mfa-okta-config​

Parameters​

Return type​

Responses​

HTTP request headers​

Example​

test-mfa-config​

Parameters​

Return type​

Responses​

HTTP request headers​

Example​

delete-mfa-config

Parameters

Return type

Responses

HTTP request headers

Example

get-mfa-duo-config

Parameters

Return type

Responses

HTTP request headers

Example

get-mfa-kba-config

Parameters

Return type

Responses

HTTP request headers

Example

get-mfa-okta-config

Parameters

Return type

Responses

HTTP request headers

Example

set-mfa-duo-config

Parameters

Return type

Responses

HTTP request headers

Example

set-mfakba-config

Parameters

Return type

Responses

HTTP request headers

Example

set-mfa-okta-config

Parameters

Return type

Responses

HTTP request headers

Example

test-mfa-config

Parameters

Return type

Responses

HTTP request headers

Example