Activate an Authentication Factor
Use this API to trigger an SMS, Voice, Email or Push notification containing a One-Time Password (OTP) or Magic Link that can be used to authenticate a user with the Verify Factor call. For OneLogin Protect or Google Authenticator with OTP, this call needs to be performed to generate a verification_id
which can be used to validate the OTP code.
Resource URL
https://<subdomain>/api/2/mfa/users/<user_id>/verifications
Header Parameter
Authorization required string | Set to Set The access token must have been generated using an API credential pair created using the scope required to call this API. This API can be called using the |
Resource Parameters
user_id required integer |
Set to the If you don’t know the user’s |
Request Parameter
device_id integer |
Required. Specifies the factor to be verified. |
expires_in integer |
Optional. Sets the window of time in seconds that the factor must be verified within. Defaults to 120 seconds (2 minutes). Max 900 seconds (15 minutes). |
redirect_to string |
Optional. Only applies to Email MagicLink factor. Redirects MagicLink success page to specified URL after 2 seconds. |
custom_message string |
Optional. Only applies to SMS factor. A message template that will be sent via SMS. Max length of the message after template items are inserted is 160 characters including the OTP code. The following template variables can be included in the message.
|
Request Body
With optional expires_in
value for OTP
{
"device_id": 2825320,
"expires_in": 240
}
With optional redirect_to
value for MagicLink factor
{
"device_id": 2825320,
"redirect_to": "https://google.com"
}
Sample Response
OneLogin SMS
- 201 Created
- 401 Unauthorized
[
{
"user_display_name": "OneLogin SMS",
"id": "afc1a96d-2006-452a-a484-b2d084b00d76",
"auth_factor_name": "SMS",
"type_display_name": "OneLogin SMS",
"user_id": "64515901",
"device_id": "3920371",
"expires_at": "2020-07-21T20:26:44Z"
}
]
{
"statusCode": 401,
"name": "InvalidCredentials",
"message": "Please provide valid credentials"
}
OneLogin Email
- 201 Created
- 401 Unauthorized
{
"user_display_name": "Email",
"id": "a274ea6b-8c3f-403b-8388-92028db4763a",
"auth_factor_name": "OneLogin Email",
"type_display_name": "Email",
"user_id": "12345678",
"device_id": "6123456",
"expires_at": "2021-01-27T20:32:44Z"
}
{
"statusCode": 401,
"name": "InvalidCredentials",
"message": "Please provide valid credentials"
}
OneLogin Voice
- 201 Created
- 401 Unauthorized
{
"user_display_name": "OneLogin Voice",
"id": "906621ef-0a42-4032-ae34-673d439f8326",
"auth_factor_name": "OneLogin Voice",
"type_display_name": "OneLogin Voice",
"user_id": "87654321",
"device_id": "1234567",
"expires_at": "2021-01-27T20:34:05Z",
"factor_data": {
"verification_token": "123456"
}
}
{
"statusCode": 401,
"name": "InvalidCredentials",
"message": "Please provide valid credentials"
}
OneLogin Protect
- 201 Created
- 401 Unauthorized
{
"user_display_name": "OneLogin Protect",
"id": "f4c4a72c-c9f4-4b52-90f1-1740bcc6332e",
"auth_factor_name": "OneLogin",
"type_display_name": "OneLogin Protect",
"user_id": "12345678",
"device_id": "7654321"
}
{
"statusCode": 401,
"name": "InvalidCredentials",
"message": "Please provide valid credentials"
}
Response Elements
expires_at |
A short lived token that is required to Verify the Factor. This token expires based on the expires_in parameter passed in. |
auth_factor_name |
Authentication factor name, as it appears to administrators in OneLogin. |
type_display_name |
Authentication factor display name as it appears to users upon initial registration, as defined by admins at Settings > Authentication Factors. |
user_display_name |
Authentication factor display name assigned by users when they enroll the device. |
id |
Verification identifier used in subsequent verification step. |
user_id |
Identifier for the user. |
Postman Collection
- Clicking Run in Postman button navigates to the page where you can fork the collection to your workspace. Forking the collection into your workspace will enable you to contribute to the source collection using pull requests. You can also view the collection in a public workspace if you like and even import a copy of the collection using the links present on the screen.
Sample Code
cURL
Replace sample values indicated by < >
with your actual values.
curl 'https://<subdomain>/api/2/mfa/users/<user_id>/verifications' \
-X POST \
-H "Authorization: bearer: <access_token>" \
-H "Content-Type: application/json" \
-d '{
"device_id": 1234567,
"expires_in": 240
}'
Have a Question?
Found a problem or a bug? Submit a support ticket.
Looking for walkthroughs or how-to guides on OneLogin's user and admin features? Check out the documentation in our Knowledge Base.
Have a product idea or request? Share it with us in our Ideas Portal.