MFAController
This API provides multifactor authentication functionality and belongs to the gov-multi-auth service. This controller allows you to verify authentication by a specified method.
All URIs are relative to https://sailpoint.api.identitynow.com/v3
Method | HTTP request | Description |
---|---|---|
New-SendToken | POST /mfa/token/send | Create and send user token |
Ping-VerificationStatus | POST /mfa/{method}/poll | Polling MFA method by VerificationPollRequest |
Send-DuoVerifyRequest | POST /mfa/duo-web/verify | Verifying authentication via Duo method |
Send-KbaAnswers | POST /mfa/kba/authenticate | Authenticate KBA provided MFA method |
Send-OktaVerifyRequest | POST /mfa/okta-verify/verify | Verifying authentication via Okta method |
Send-TokenAuthRequest | POST /mfa/token/authenticate | Authenticate Token provided MFA method |
create-send-token
This API sends a token request.
Parameters
Param Type | Name | Data Type | Required | Description |
---|---|---|---|---|
Body | SendTokenRequest | SendTokenRequest | True |
Return type
Responses
Code | Description | Data Type |
---|---|---|
200 | Token send status. | SendTokenResponse |
400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessProfiles401Response |
403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessProfiles429Response |
500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
HTTP request headers
- Content-Type: application/json
- Accept: application/json
Example
```powershell
# The here-string opener @" must end its line and the closer "@ must start one.
$SendTokenRequest = @"
{
    "userAlias" : "will.albin",
    "deliveryType" : "EMAIL_WORK"
}
"@

# Create and send user token
try {
    $Result = ConvertFrom-JsonToSendTokenRequest -Json $SendTokenRequest
    New-SendToken -SendTokenRequest $Result

    # Below is a request that includes all optional parameters
    # New-SendToken -SendTokenRequest $Result
} catch {
    Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling New-SendToken"
    Write-Host $_.ErrorDetails
}
```
ping-verification-status
This API polls the VerificationPollRequest for the specified MFA method.
Parameters
Param Type | Name | Data Type | Required | Description |
---|---|---|---|---|
Path | Method | String | True | The name of the MFA method. The currently supported method names are 'okta-verify', 'duo-web', 'kba','token', 'rsa' |
Body | VerificationPollRequest | VerificationPollRequest | True |
Return type
Responses
Code | Description | Data Type |
---|---|---|
200 | MFA VerificationPollRequest status for an MFA method. | VerificationResponse |
400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessProfiles401Response |
403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessProfiles429Response |
500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
HTTP request headers
- Content-Type: application/json
- Accept: application/json
Example
```powershell
$Method = "okta-verify" # String | The name of the MFA method. The currently supported method names are 'okta-verify', 'duo-web', 'kba','token', 'rsa'
# The here-string opener @" must end its line and the closer "@ must start one.
$VerificationPollRequest = @"
{
    "requestId" : "089899f13a8f4da7824996191587bab9"
}
"@

# Polling MFA method by VerificationPollRequest
try {
    $Result = ConvertFrom-JsonToVerificationPollRequest -Json $VerificationPollRequest
    Ping-VerificationStatus -Method $Method -VerificationPollRequest $Result

    # Below is a request that includes all optional parameters
    # Ping-VerificationStatus -Method $Method -VerificationPollRequest $Result
} catch {
    Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Ping-VerificationStatus"
    Write-Host $_.ErrorDetails
}
```
send-duo-verify-request
This API authenticates the user via the Duo-Web MFA method.
Parameters
Param Type | Name | Data Type | Required | Description |
---|---|---|---|---|
Body | DuoVerificationRequest | DuoVerificationRequest | True |
Return type
Responses
Code | Description | Data Type |
---|---|---|
200 | The status of verification request. | VerificationResponse |
400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessProfiles401Response |
403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessProfiles429Response |
500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
HTTP request headers
- Content-Type: application/json
- Accept: application/json
Example
```powershell
# The here-string opener @" must end its line and the closer "@ must start one.
$DuoVerificationRequest = @"
{
    "signedResponse" : "AUTH|d2lsbC5hbGJpbnxESTZNMFpHSThKQVRWTVpZN0M5VXwxNzAxMjUzMDg5|f1f5f8ced5b340f3d303b05d0efa0e43b6a8f970:APP|d2lsbC5hbGJpbnxESTZNMFpHSThKQVRWTVpZN0M5VXwxNzAxMjU2NjE5|cb44cf44353f5127edcae31b1da0355f87357db2",
    "userId" : "2c9180947f0ef465017f215cbcfd004b"
}
"@

# Verifying authentication via Duo method
try {
    $Result = ConvertFrom-JsonToDuoVerificationRequest -Json $DuoVerificationRequest
    Send-DuoVerifyRequest -DuoVerificationRequest $Result

    # Below is a request that includes all optional parameters
    # Send-DuoVerifyRequest -DuoVerificationRequest $Result
} catch {
    Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Send-DuoVerifyRequest"
    Write-Host $_.ErrorDetails
}
```
send-kba-answers
This API authenticates the user via the KBA MFA method.
Parameters
Param Type | Name | Data Type | Required | Description |
---|---|---|---|---|
Body | KbaAnswerRequestItem | []KbaAnswerRequestItem | True |
Return type
Responses
Code | Description | Data Type |
---|---|---|
200 | KBA authenticated status. | KbaAuthResponse |
400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessProfiles401Response |
403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessProfiles429Response |
500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
HTTP request headers
- Content-Type: application/json
- Accept: application/json
Example
```powershell
# The here-string opener @" must end its line and the closer "@ must start one.
$KbaAnswerRequestItem = @"
{
    "answer" : "Your answer",
    "id" : "c54fee53-2d63-4fc5-9259-3e93b9994135"
}
"@ # KbaAnswerRequestItem[] |

# Authenticate KBA provided MFA method
try {
    $Result = ConvertFrom-JsonToKbaAnswerRequestItem -Json $KbaAnswerRequestItem
    Send-KbaAnswers -KbaAnswerRequestItem $Result

    # Below is a request that includes all optional parameters
    # Send-KbaAnswers -KbaAnswerRequestItem $Result
} catch {
    Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Send-KbaAnswers"
    Write-Host $_.ErrorDetails
}
```
send-okta-verify-request
This API authenticates the user via the Okta-Verify MFA method. The request requires a header called 'slpt-forwarding', which must contain the remote IP address of the caller.
Parameters
Param Type | Name | Data Type | Required | Description |
---|---|---|---|---|
Body | OktaVerificationRequest | OktaVerificationRequest | True |
Return type
Responses
Code | Description | Data Type |
---|---|---|
200 | The status of verification request. | VerificationResponse |
400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessProfiles401Response |
403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessProfiles429Response |
500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
HTTP request headers
- Content-Type: application/json
- Accept: application/json
Example
```powershell
# The here-string opener @" must end its line and the closer "@ must start one.
$OktaVerificationRequest = @"
{
    "userId" : "example@mail.com"
}
"@

# Verifying authentication via Okta method
try {
    $Result = ConvertFrom-JsonToOktaVerificationRequest -Json $OktaVerificationRequest
    Send-OktaVerifyRequest -OktaVerificationRequest $Result

    # Below is a request that includes all optional parameters
    # Send-OktaVerifyRequest -OktaVerificationRequest $Result
} catch {
    Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Send-OktaVerifyRequest"
    Write-Host $_.ErrorDetails
}
```
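The following is an added example, not part of the SDK documentation: it chains Send-OktaVerifyRequest with Ping-VerificationStatus into a bounded polling loop that backs off on 429 and fails closed. It assumes VerificationResponse exposes `requestId` and `status` properties with `PENDING` and `SUCCESS` values (these names are not given on this page), and that the 'slpt-forwarding' header is already supplied by your client configuration.

```powershell
# Added example: bounded polling for an Okta Verify result.
# Assumptions (not stated on this page): VerificationResponse has 'requestId'
# and 'status'; 'PENDING' means no answer yet and 'SUCCESS' means verified.
# The required 'slpt-forwarding' header is assumed to be configured elsewhere.
$Method       = "okta-verify"
$MaxAttempts  = 20   # hard cap so an unanswered request cannot be polled forever
$DelaySeconds = 3    # base wait between polls

$OktaVerificationRequest = @"
{
    "userId" : "example@mail.com"
}
"@

$Request      = ConvertFrom-JsonToOktaVerificationRequest -Json $OktaVerificationRequest
$Verification = Send-OktaVerifyRequest -OktaVerificationRequest $Request

# Build the poll body from the request id returned by the verify call.
$PollJson    = @{ requestId = $Verification.requestId } | ConvertTo-Json
$PollRequest = ConvertFrom-JsonToVerificationPollRequest -Json $PollJson

$Status = $Verification.status
for ($Attempt = 1; $Attempt -le $MaxAttempts -and $Status -eq "PENDING"; $Attempt++) {
    Start-Sleep -Seconds $DelaySeconds
    try {
        $Status = (Ping-VerificationStatus -Method $Method -VerificationPollRequest $PollRequest).status
    } catch {
        # Only rate limiting (429) is retried; every other error aborts the login.
        if ($_.Exception.Response.StatusCode.value__ -ne 429) { throw }
        # Back off; use the Retry-After value instead when your client exposes it.
        $DelaySeconds = [Math]::Min($DelaySeconds * 2, 30)
    }
}

# Fail closed: anything other than an explicit success is treated as a denial,
# including a request that is still pending when the attempt cap is reached.
if ($Status -ne "SUCCESS") {
    throw "MFA not verified (last status: $Status)"
}
Write-Host "MFA verified for request" $Verification.requestId
```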
send-token-auth-request
This API authenticates the user via the Token MFA method.
Parameters
Param Type | Name | Data Type | Required | Description |
---|---|---|---|---|
Body | TokenAuthRequest | TokenAuthRequest | True |
Return type
Responses
Code | Description | Data Type |
---|---|---|
200 | Token authenticated status. | TokenAuthResponse |
400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessProfiles401Response |
403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessProfiles429Response |
500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
HTTP request headers
- Content-Type: application/json
- Accept: application/json
Example
```powershell
# The here-string opener @" must end its line and the closer "@ must start one.
$TokenAuthRequest = @"
{
    "userAlias" : "will.albin",
    "deliveryType" : "EMAIL_WORK",
    "token" : "12345"
}
"@

# Authenticate Token provided MFA method
try {
    $Result = ConvertFrom-JsonToTokenAuthRequest -Json $TokenAuthRequest
    Send-TokenAuthRequest -TokenAuthRequest $Result

    # Below is a request that includes all optional parameters
    # Send-TokenAuthRequest -TokenAuthRequest $Result
} catch {
    Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Send-TokenAuthRequest"
    Write-Host $_.ErrorDetails
}
```