MFAConfiguration
Configure and test multifactor authentication (MFA) methods
All URIs are relative to https://sailpoint.api.identitynow.com/v3
| Method | HTTP request | Description |
|---|---|---|
| Remove-MFAConfig | DELETE /mfa/{method}/delete | Delete MFA method configuration |
| Get-MFADuoConfig | GET /mfa/duo-web/config | Configuration of Duo MFA method |
| Get-MFAKbaConfig | GET /mfa/kba/config | Configuration of KBA MFA method |
| Get-MFAOktaConfig | GET /mfa/okta-verify/config | Configuration of Okta MFA method |
| Set-MFADuoConfig | PUT /mfa/duo-web/config | Set Duo MFA configuration |
| Set-MFAKBAConfig | POST /mfa/kba/config/answers | Set MFA KBA configuration |
| Set-MFAOktaConfig | PUT /mfa/okta-verify/config | Set Okta MFA configuration |
| Test-MFAConfig | GET /mfa/{method}/test | MFA method's test configuration |
delete-mfa-config
This API removes the configuration for the specified MFA method.
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|---|---|---|---|
| Path | Method | String | True | The name of the MFA method. The currently supported method names are 'okta-verify' and 'duo-web'. |
Return type
Responses
| Code | Description | Data Type |
|---|---|---|
| 200 | MFA configuration of an MFA method. | MfaOktaConfig |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessProfiles401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessProfiles429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
HTTP request headers
- Content-Type: Not defined
- Accept: application/json
Example
$Method = "okta-verify" # String | The name of the MFA method. The currently supported method names are 'okta-verify' and 'duo-web'.
# Delete MFA method configuration
try {
Remove-MFAConfig -Method $Method
# Below is a request that includes all optional parameters
# Remove-MFAConfig -Method $Method
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Remove-MFAConfig"
Write-Host $_.ErrorDetails
}
get-mfa-duo-config
This API returns the configuration of an Duo MFA method.
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|
Return type
Responses
| Code | Description | Data Type |
|---|---|---|
| 200 | The configuration of an Duo MFA method. | MfaDuoConfig |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessProfiles401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessProfiles429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
HTTP request headers
- Content-Type: Not defined
- Accept: application/json
Example
# Configuration of Duo MFA method
try {
Get-MFADuoConfig
# Below is a request that includes all optional parameters
# Get-MFADuoConfig
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Get-MFADuoConfig"
Write-Host $_.ErrorDetails
}
get-mfa-kba-config
This API returns the KBA configuration for MFA.
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|---|---|---|---|
| Query | AllLanguages | Boolean | (optional) | Indicator whether the question text should be returned in all configured languages * If true, the question text is returned in all languages that it is configured in. * If false, the question text is returned in the user locale if available, else for the default locale. * If not passed, it behaves the same way as passing this parameter as false |
Return type
Responses
| Code | Description | Data Type |
|---|---|---|
| 200 | The configuration for KBA MFA method. | KbaQuestion[] |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessProfiles401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessProfiles429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
HTTP request headers
- Content-Type: Not defined
- Accept: application/json
Example
$AllLanguages = $false # Boolean | Indicator whether the question text should be returned in all configured languages * If true, the question text is returned in all languages that it is configured in. * If false, the question text is returned in the user locale if available, else for the default locale. * If not passed, it behaves the same way as passing this parameter as false (optional)
# Configuration of KBA MFA method
try {
Get-MFAKbaConfig
# Below is a request that includes all optional parameters
# Get-MFAKbaConfig -AllLanguages $AllLanguages
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Get-MFAKbaConfig"
Write-Host $_.ErrorDetails
}
get-mfa-okta-config
This API returns the configuration of an Okta MFA method.
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|
Return type
Responses
| Code | Description | Data Type |
|---|---|---|
| 200 | The configuration of an Okta MFA method. | MfaOktaConfig |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessProfiles401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessProfiles429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
HTTP request headers
- Content-Type: Not defined
- Accept: application/json
Example
# Configuration of Okta MFA method
try {
Get-MFAOktaConfig
# Below is a request that includes all optional parameters
# Get-MFAOktaConfig
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Get-MFAOktaConfig"
Write-Host $_.ErrorDetails
}
set-mfa-duo-config
This API sets the configuration of an Duo MFA method.
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|---|---|---|---|
| Body | MfaDuoConfig | MfaDuoConfig | True |
Return type
Responses
| Code | Description | Data Type |
|---|---|---|
| 200 | MFA configuration of an Duo MFA method. | MfaDuoConfig |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessProfiles401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessProfiles429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
HTTP request headers
- Content-Type: application/json
- Accept: application/json
Example
$MfaDuoConfig = @"{
"accessKey" : "qw123Y3QlA5UqocYpdU3rEkzrK2D497y",
"host" : "example.com",
"configProperties" : {
"skey" : "qwERttyZx1CdlQye2Vwtbsjr3HKddy4BAiCXjc5x",
"ikey" : "Q123WE45R6TY7890ZXCV"
},
"mfaMethod" : "duo-web",
"enabled" : true,
"identityAttribute" : "email"
}"@
# Set Duo MFA configuration
try {
$Result = ConvertFrom-JsonToMfaDuoConfig -Json $MfaDuoConfig
Set-MFADuoConfig -MfaDuoConfig $Result
# Below is a request that includes all optional parameters
# Set-MFADuoConfig -MfaDuoConfig $Result
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Set-MFADuoConfig"
Write-Host $_.ErrorDetails
}
set-mfakba-config
This API sets answers to challenge questions. Any configured questions omitted from the request are removed from user KBA configuration.
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|---|---|---|---|
| Body | KbaAnswerRequestItem | []KbaAnswerRequestItem | True |
Return type
Responses
| Code | Description | Data Type |
|---|---|---|
| 200 | The new KBA configuration for the user. | KbaAnswerResponseItem[] |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessProfiles401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessProfiles429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
HTTP request headers
- Content-Type: application/json
- Accept: application/json
Example
$KbaAnswerRequestItem = @"{
"answer" : "Your answer",
"id" : "c54fee53-2d63-4fc5-9259-3e93b9994135"
}"@ # KbaAnswerRequestItem[] |
# Set MFA KBA configuration
try {
$Result = ConvertFrom-JsonToKbaAnswerRequestItem -Json $KbaAnswerRequestItem
Set-MFAKBAConfig -KbaAnswerRequestItem $Result
# Below is a request that includes all optional parameters
# Set-MFAKBAConfig -KbaAnswerRequestItem $Result
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Set-MFAKBAConfig"
Write-Host $_.ErrorDetails
}
set-mfa-okta-config
This API sets the configuration of an Okta MFA method.
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|---|---|---|---|
| Body | MfaOktaConfig | MfaOktaConfig | True |
Return type
Responses
| Code | Description | Data Type |
|---|---|---|
| 200 | MFA configuration of an Okta MFA method. | MfaOktaConfig |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessProfiles401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessProfiles429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
HTTP request headers
- Content-Type: application/json
- Accept: application/json
Example
$MfaOktaConfig = @"{
"accessKey" : "qw123Y3QlA5UqocYpdU3rEkzrK2D497y",
"host" : "example.com",
"mfaMethod" : "okta-verify",
"enabled" : true,
"identityAttribute" : "email"
}"@
# Set Okta MFA configuration
try {
$Result = ConvertFrom-JsonToMfaOktaConfig -Json $MfaOktaConfig
Set-MFAOktaConfig -MfaOktaConfig $Result
# Below is a request that includes all optional parameters
# Set-MFAOktaConfig -MfaOktaConfig $Result
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Set-MFAOktaConfig"
Write-Host $_.ErrorDetails
}
test-mfa-config
This API validates that the configuration is valid and will properly authenticate with the MFA provider identified by the method path parameter.
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|---|---|---|---|
| Path | Method | String | True | The name of the MFA method. The currently supported method names are 'okta-verify' and 'duo-web'. |
Return type
Responses
| Code | Description | Data Type |
|---|---|---|
| 200 | The result of configuration test for the MFA provider. | MfaConfigTestResponse |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessProfiles401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessProfiles429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
HTTP request headers
- Content-Type: Not defined
- Accept: application/json
Example
$Method = "okta-verify" # String | The name of the MFA method. The currently supported method names are 'okta-verify' and 'duo-web'.
# MFA method's test configuration
try {
Test-MFAConfig -Method $Method
# Below is a request that includes all optional parameters
# Test-MFAConfig -Method $Method
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Test-MFAConfig"
Write-Host $_.ErrorDetails
}