![]() The Sign-In Widget is easier to use and supports basic use cases.įor more advanced use cases, learn the Okta API basics. Check out the Okta Sign-In Widget that is built on the Authentication API. Note: Trusted web applications may need to override the client request context to forward the originating client context for the user. Trusted apps may implement their own recovery flows and primary authentication process and may collect additional metadata about the user before primary authentication successfully completes. Trusted applications are backend applications that act as an authentication broker or login portal for your Okta organization and may start an authentication or recovery transaction with an administrator API token. Public applications are aggressively rate-limited to prevent abuse and require primary authentication to be successfully completed before releasing any metadata about a user. Public applicationĪ public application is an application that anonymously starts an authentication or recovery transaction without an API token, such as the Okta Sign-In Widget. Note: In Identity Engine, the Multifactor (MFA) enrollment policy name has changed to authenticator enrollment policy. Note: Policy evaluation is conditional on the client request context such as IP address. The behavior of the Okta Authentication API varies depending on the type of your application and your org's security policies such as the global session policy, the MFA Enrollment Policy, or the Password Policy. This functionality is subject to the security policy set by the administrator. Recovery allows users to securely reset their password if they've forgotten it, or unlock their account if it has been locked out due to excessive failed login attempts.The Authentication API supports user enrollment with MFA factors enabled by the administrator, and MFA challenges based on your global session policy. Multifactor authentication (MFA) strengthens the security of password-based authentication by requiring additional verification of another Factor such as a temporary one-time passcode or an SMS passcode.Primary authentication allows you to verify the username and password credentials for a user.The API is targeted for developers who want to build their own end-to-end login experience to replace the built-in Okta login experience and addresses the following key scenarios: ![]() It can be used as a standalone API to provide the identity layer on top of your existing application, or it can be integrated with the Okta Sessions API (opens new window) to obtain an Okta session cookie and access apps within Okta. The Okta Authentication API provides operations to authenticate users, perform multifactor enrollment and verification, recover forgotten passwords, and unlock accounts.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |