Configure and test multifactor authentication (MFA) methods

All URIs are relative to

MethodHTTP requestDescription
Get-V2024MFADuoConfigGET /mfa/duo-web/configConfiguration of Duo MFA method
Get-V2024MFAKbaConfigGET /mfa/kba/configConfiguration of KBA MFA method
Get-V2024MFAOktaConfigGET /mfa/okta-verify/configConfiguration of Okta MFA method
Set-V2024MFADuoConfigPUT /mfa/duo-web/configSet Duo MFA configuration
Set-V2024MFAKBAConfigPOST /mfa/kba/config/answersSet MFA KBA configuration
Set-V2024MFAOktaConfigPUT /mfa/okta-verify/configSet Okta MFA configuration
Test-V2024MFAConfigGET /mfa/{method}/testMFA method's test configuration


This API returns the configuration of an Duo MFA method.


CodeDescriptionData Type
200The configuration of an Duo MFA method.MfaDuoConfig
400Client Error - Returned if the request body is invalid.ErrorResponseDto
500Internal Server Error - Returned if there is an unexpected error.ErrorResponseDto

# Configuration of Duo MFA method

try {

# Below is a request that includes all optional parameters
# Get-V2024MFADuoConfig
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Get-V2024MFADuoConfig"
Write-Host $_.ErrorDetails

This API returns the KBA configuration for MFA.


QueryAllLanguagesBoolean(optional)Indicator whether the question text should be returned in all configured languages * If true, the question text is returned in all languages that it is configured in. * If false, the question text is returned in the user locale if available, else for the default locale. * If not passed, it behaves the same way as passing this parameter as false

CodeDescriptionData Type
200The configuration for KBA MFA method.KbaQuestion[]
400Client Error - Returned if the request body is invalid.ErrorResponseDto
500Internal Server Error - Returned if there is an unexpected error.ErrorResponseDto

$AllLanguages = $false # Boolean | Indicator whether the question text should be returned in all configured languages    * If true, the question text is returned in all languages that it is configured in.    * If false, the question text is returned in the user locale if available, else for the default locale.     * If not passed, it behaves the same way as passing this parameter as false (optional)

# Configuration of KBA MFA method

try {

# Below is a request that includes all optional parameters
# Get-V2024MFAKbaConfig -V2024AllLanguages $AllLanguages
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Get-V2024MFAKbaConfig"
Write-Host $_.ErrorDetails

This API returns the configuration of an Okta MFA method.


CodeDescriptionData Type
200The configuration of an Okta MFA method.MfaOktaConfig
400Client Error - Returned if the request body is invalid.ErrorResponseDto
500Internal Server Error - Returned if there is an unexpected error.ErrorResponseDto

# Configuration of Okta MFA method

try {

# Below is a request that includes all optional parameters
# Get-V2024MFAOktaConfig
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Get-V2024MFAOktaConfig"
Write-Host $_.ErrorDetails

This API sets the configuration of an Duo MFA method.


CodeDescriptionData Type
200MFA configuration of an Duo MFA method.MfaDuoConfig
400Client Error - Returned if the request body is invalid.ErrorResponseDto
500Internal Server Error - Returned if there is an unexpected error.ErrorResponseDto

$MfaDuoConfig = @"{
"accessKey" : "qw123Y3QlA5UqocYpdU3rEkzrK2D497y",
"host" : "",
"configProperties" : {
"skey" : "qwERttyZx1CdlQye2Vwtbsjr3HKddy4BAiCXjc5x",
"ikey" : "Q123WE45R6TY7890ZXCV"
"mfaMethod" : "duo-web",
"enabled" : true,
"identityAttribute" : "email"

# Set Duo MFA configuration

try {
$Result = ConvertFrom-JsonToMfaDuoConfig -Json $MfaDuoConfig
Set-V2024MFADuoConfig -V2024MfaDuoConfig $Result

# Below is a request that includes all optional parameters
# Set-V2024MFADuoConfig -V2024MfaDuoConfig $MfaDuoConfig
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Set-V2024MFADuoConfig"
Write-Host $_.ErrorDetails

This API sets answers to challenge questions. Any configured questions omitted from the request are removed from user KBA configuration.


CodeDescriptionData Type
200The new KBA configuration for the user.KbaAnswerResponseItem[]
400Client Error - Returned if the request body is invalid.ErrorResponseDto
500Internal Server Error - Returned if there is an unexpected error.ErrorResponseDto

 $KbaAnswerRequestItem = @"{
"answer" : "Your answer",
"id" : "c54fee53-2d63-4fc5-9259-3e93b9994135"
}"@ # KbaAnswerRequestItem[] |

# Set MFA KBA configuration

try {
$Result = ConvertFrom-JsonToKbaAnswerRequestItem -Json $KbaAnswerRequestItem
Set-V2024MFAKBAConfig -V2024KbaAnswerRequestItem $Result

# Below is a request that includes all optional parameters
# Set-V2024MFAKBAConfig -V2024KbaAnswerRequestItem $KbaAnswerRequestItem
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Set-V2024MFAKBAConfig"
Write-Host $_.ErrorDetails

This API sets the configuration of an Okta MFA method.


CodeDescriptionData Type
200MFA configuration of an Okta MFA method.MfaOktaConfig
400Client Error - Returned if the request body is invalid.ErrorResponseDto
500Internal Server Error - Returned if there is an unexpected error.ErrorResponseDto

$MfaOktaConfig = @"{
"accessKey" : "qw123Y3QlA5UqocYpdU3rEkzrK2D497y",
"host" : "",
"mfaMethod" : "okta-verify",
"enabled" : true,
"identityAttribute" : "email"

# Set Okta MFA configuration

try {
$Result = ConvertFrom-JsonToMfaOktaConfig -Json $MfaOktaConfig
Set-V2024MFAOktaConfig -V2024MfaOktaConfig $Result

# Below is a request that includes all optional parameters
# Set-V2024MFAOktaConfig -V2024MfaOktaConfig $MfaOktaConfig
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Set-V2024MFAOktaConfig"
Write-Host $_.ErrorDetails

This API validates that the configuration is valid and will properly authenticate with the MFA provider identified by the method path parameter.


Param TypeNameData TypeRequiredDescription
PathMethodStringTrueThe name of the MFA method. The currently supported method names are 'okta-verify' and 'duo-web'.

CodeDescriptionData Type
200The result of configuration test for the MFA provider.MfaConfigTestResponse
400Client Error - Returned if the request body is invalid.ErrorResponseDto
500Internal Server Error - Returned if there is an unexpected error.ErrorResponseDto

$Method = "okta-verify" # String | The name of the MFA method. The currently supported method names are 'okta-verify' and 'duo-web'.

# MFA method's test configuration

try {
Test-V2024MFAConfig -V2024Method $Method

# Below is a request that includes all optional parameters
# Test-V2024MFAConfig -V2024Method $Method
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Test-V2024MFAConfig"
Write-Host $_.ErrorDetails

