
MFAController

This API is used for the multifactor authentication functionality that belongs to the gov-multi-auth service. This controller allows you to verify authentication by a specified method.

All URIs are relative to https://sailpoint.api.identitynow.com/beta

| Method | HTTP request | Description |
| --- | --- | --- |
| New-BetaSendToken | POST /mfa/token/send | Create and send user token |
| Ping-BetaVerificationStatus | POST /mfa/{method}/poll | Polling MFA method by VerificationPollRequest |
| Send-BetaDuoVerifyRequest | POST /mfa/duo-web/verify | Verifying authentication via Duo method |
| Send-BetaKbaAnswers | POST /mfa/kba/authenticate | Authenticate KBA provided MFA method |
| Send-BetaOktaVerifyRequest | POST /mfa/okta-verify/verify | Verifying authentication via Okta method |
| Send-BetaTokenAuthRequest | POST /mfa/token/authenticate | Authenticate Token provided MFA method |

create-send-token

This API sends a token request.

API Spec

Parameters

| Param Type | Name | Data Type | Required | Description |
| --- | --- | --- | --- | --- |
| Body | SendTokenRequest | SendTokenRequest | True | |

Return type

SendTokenResponse

Responses

| Code | Description | Data Type |
| --- | --- | --- |
| 200 | Token send status. | SendTokenResponse |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response |
| 403 | Forbidden - Returned if the user you are running as doesn't have access to this endpoint. | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |

HTTP request headers

  • Content-Type: application/json
  • Accept: application/json

Example

$SendTokenRequest = @"
{
    "userAlias" : "will.albin",
    "deliveryType" : "EMAIL_WORK"
}
"@

# Create and send user token

try {
    $Result = ConvertFrom-JsonToSendTokenRequest -Json $SendTokenRequest
    New-BetaSendToken -BetaSendTokenRequest $Result

    # Below is a request that includes all optional parameters
    # New-BetaSendToken -BetaSendTokenRequest $Result
} catch {
    Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling New-BetaSendToken"
    Write-Host $_.ErrorDetails
}


ping-verification-status

This API polls the VerificationPollRequest for the specified MFA method.

API Spec

Parameters

| Param Type | Name | Data Type | Required | Description |
| --- | --- | --- | --- | --- |
| Path | Method | String | True | The name of the MFA method. The currently supported method names are 'okta-verify', 'duo-web', 'kba', 'token', 'rsa' |
| Body | VerificationPollRequest | VerificationPollRequest | True | |

Return type

VerificationResponse

Responses

| Code | Description | Data Type |
| --- | --- | --- |
| 200 | MFA VerificationPollRequest status for an MFA method. | VerificationResponse |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response |
| 403 | Forbidden - Returned if the user you are running as doesn't have access to this endpoint. | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |

HTTP request headers

  • Content-Type: application/json
  • Accept: application/json

Example

$Method = "okta-verify" # String | The name of the MFA method. The currently supported method names are 'okta-verify', 'duo-web', 'kba', 'token', 'rsa'
$VerificationPollRequest = @"
{
    "requestId" : "089899f13a8f4da7824996191587bab9"
}
"@

# Polling MFA method by VerificationPollRequest

try {
    $Result = ConvertFrom-JsonToVerificationPollRequest -Json $VerificationPollRequest
    Ping-BetaVerificationStatus -Method $Method -BetaVerificationPollRequest $Result

    # Below is a request that includes all optional parameters
    # Ping-BetaVerificationStatus -Method $Method -BetaVerificationPollRequest $Result
} catch {
    Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Ping-BetaVerificationStatus"
    Write-Host $_.ErrorDetails
}
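
A bounded polling loop around Ping-BetaVerificationStatus that backs off on 429 and fails closed, as an added example that is not part of the SDK documentation. The helper name Wait-BetaMfaVerification and its parameters are hypothetical, and the code assumes the VerificationResponse exposes a status property whose values include PENDING and SUCCESS.

```powershell
# Added example; Wait-BetaMfaVerification is a hypothetical helper, not an SDK cmdlet.
function Wait-BetaMfaVerification {
    param(
        [Parameter(Mandatory)] [string] $Method,
        [Parameter(Mandatory)] [string] $RequestId,
        [int] $MaxAttempts = 20,
        [int] $DelaySeconds = 3
    )

    # Reject anything outside the method names listed for the {method} path parameter.
    $Supported = 'okta-verify', 'duo-web', 'kba', 'token', 'rsa'
    if ($Method -notin $Supported) { throw "Unsupported MFA method '$Method'." }

    $Json = @{ requestId = $RequestId } | ConvertTo-Json
    $PollRequest = ConvertFrom-JsonToVerificationPollRequest -Json $Json

    for ($Attempt = 1; $Attempt -le $MaxAttempts; $Attempt++) {
        $Wait = $DelaySeconds
        try {
            $Response = Ping-BetaVerificationStatus -Method $Method -BetaVerificationPollRequest $PollRequest
            # Assumption: 'PENDING' means the user has not responded yet; any other status is final.
            if ($Response.status -ne 'PENDING') { return $Response.status }
        } catch {
            $Failure = $_
            # Only 429 is retried; 400/401/403/500 are surfaced to the caller unchanged.
            if ($Failure.Exception.Response.StatusCode.value__ -ne 429) { throw }
            try {
                # Honor Retry-After when it is given as a number of seconds.
                $RetryAfter = @($Failure.Exception.Response.Headers.GetValues('Retry-After'))[0]
                $Seconds = 0
                if ([int]::TryParse($RetryAfter, [ref] $Seconds) -and $Seconds -gt 0) { $Wait = $Seconds }
            } catch {
                $Wait = $DelaySeconds * 2   # header missing or unreadable: back off anyway
            }
        }
        Start-Sleep -Seconds $Wait
    }
    # Running out of attempts is treated as a failure, never as an implicit pass.
    throw "MFA verification for request $RequestId did not complete after $MaxAttempts polls."
}

# Fail closed: only an explicit SUCCESS counts as verified (requestId taken from the example above).
$Status = Wait-BetaMfaVerification -Method 'okta-verify' -RequestId '089899f13a8f4da7824996191587bab9'
if ($Status -ne 'SUCCESS') { throw "MFA not verified (status: $Status)." }
```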


send-duo-verify-request

This API authenticates the user via the Duo-Web MFA method.

API Spec

Parameters

| Param Type | Name | Data Type | Required | Description |
| --- | --- | --- | --- | --- |
| Body | DuoVerificationRequest | DuoVerificationRequest | True | |

Return type

VerificationResponse

Responses

| Code | Description | Data Type |
| --- | --- | --- |
| 200 | The status of verification request. | VerificationResponse |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response |
| 403 | Forbidden - Returned if the user you are running as doesn't have access to this endpoint. | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |

HTTP request headers

  • Content-Type: application/json
  • Accept: application/json

Example

$DuoVerificationRequest = @"
{
    "signedResponse" : "AUTH|d2lsbC5hbGJpbnxESTZNMFpHSThKQVRWTVpZN0M5VXwxNzAxMjUzMDg5|f1f5f8ced5b340f3d303b05d0efa0e43b6a8f970:APP|d2lsbC5hbGJpbnxESTZNMFpHSThKQVRWTVpZN0M5VXwxNzAxMjU2NjE5|cb44cf44353f5127edcae31b1da0355f87357db2",
    "userId" : "2c9180947f0ef465017f215cbcfd004b"
}
"@

# Verifying authentication via Duo method

try {
    $Result = ConvertFrom-JsonToDuoVerificationRequest -Json $DuoVerificationRequest
    Send-BetaDuoVerifyRequest -BetaDuoVerificationRequest $Result

    # Below is a request that includes all optional parameters
    # Send-BetaDuoVerifyRequest -BetaDuoVerificationRequest $Result
} catch {
    Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Send-BetaDuoVerifyRequest"
    Write-Host $_.ErrorDetails
}


send-kba-answers

This API authenticates the user with the KBA MFA method.

API Spec

Parameters

| Param Type | Name | Data Type | Required | Description |
| --- | --- | --- | --- | --- |
| Body | KbaAnswerRequestItem | []KbaAnswerRequestItem | True | |

Return type

KbaAuthResponse

Responses

| Code | Description | Data Type |
| --- | --- | --- |
| 200 | KBA authenticated status. | KbaAuthResponse |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response |
| 403 | Forbidden - Returned if the user you are running as doesn't have access to this endpoint. | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |

HTTP request headers

  • Content-Type: application/json
  • Accept: application/json

Example

# KbaAnswerRequestItem[]
$KbaAnswerRequestItem = @"
{
    "answer" : "Your answer",
    "id" : "c54fee53-2d63-4fc5-9259-3e93b9994135"
}
"@

# Authenticate KBA provided MFA method

try {
    $Result = ConvertFrom-JsonToKbaAnswerRequestItem -Json $KbaAnswerRequestItem
    Send-BetaKbaAnswers -BetaKbaAnswerRequestItem $Result

    # Below is a request that includes all optional parameters
    # Send-BetaKbaAnswers -BetaKbaAnswerRequestItem $Result
} catch {
    Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Send-BetaKbaAnswers"
    Write-Host $_.ErrorDetails
}


send-okta-verify-request

This API authenticates the user via the Okta-Verify MFA method. The request requires a header called 'slpt-forwarding', which must contain the remote IP address of the caller.

API Spec

Parameters

| Param Type | Name | Data Type | Required | Description |
| --- | --- | --- | --- | --- |
| Body | OktaVerificationRequest | OktaVerificationRequest | True | |

Return type

VerificationResponse

Responses

| Code | Description | Data Type |
| --- | --- | --- |
| 200 | The status of verification request. | VerificationResponse |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response |
| 403 | Forbidden - Returned if the user you are running as doesn't have access to this endpoint. | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |

HTTP request headers

  • Content-Type: application/json
  • Accept: application/json

Example

$OktaVerificationRequest = @"
{
    "userId" : "example@mail.com"
}
"@

# Verifying authentication via Okta method

try {
    $Result = ConvertFrom-JsonToOktaVerificationRequest -Json $OktaVerificationRequest
    Send-BetaOktaVerifyRequest -BetaOktaVerificationRequest $Result

    # Below is a request that includes all optional parameters
    # Send-BetaOktaVerifyRequest -BetaOktaVerificationRequest $Result
} catch {
    Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Send-BetaOktaVerifyRequest"
    Write-Host $_.ErrorDetails
}


send-token-auth-request

This API authenticates the user with the Token MFA method.

API Spec

Parameters

| Param Type | Name | Data Type | Required | Description |
| --- | --- | --- | --- | --- |
| Body | TokenAuthRequest | TokenAuthRequest | True | |

Return type

TokenAuthResponse

Responses

| Code | Description | Data Type |
| --- | --- | --- |
| 200 | Token authenticated status. | TokenAuthResponse |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response |
| 403 | Forbidden - Returned if the user you are running as doesn't have access to this endpoint. | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |

HTTP request headers

  • Content-Type: application/json
  • Accept: application/json

Example

$TokenAuthRequest = @"
{
    "userAlias" : "will.albin",
    "deliveryType" : "EMAIL_WORK",
    "token" : "12345"
}
"@

# Authenticate Token provided MFA method

try {
    $Result = ConvertFrom-JsonToTokenAuthRequest -Json $TokenAuthRequest
    Send-BetaTokenAuthRequest -BetaTokenAuthRequest $Result

    # Below is a request that includes all optional parameters
    # Send-BetaTokenAuthRequest -BetaTokenAuthRequest $Result
} catch {
    Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Send-BetaTokenAuthRequest"
    Write-Host $_.ErrorDetails
}
