LukeParke/developer.sailpoint.com
1
0
Fork 0
mirror of https://github.com/LukeHagar/developer.sailpoint.com.git synced 2025-12-07 04:19:34 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
bdb088c15d658724ba159ccb8208ead957056c7a
developer.sailpoint.com/docs/tools/sdk/powershell/Reference/Beta/Methods/BetaMFAControllerApi.md
developer-relations-sp bdb088c15d Update to powershell SDK docs: 13122455471
2025-02-03 20:42:04 +00:00

14 KiB
Raw Blame History

id: beta-mfa-controller title: MFAController pagination_label: MFAController sidebar_label: MFAController sidebar_class_name: powershellsdk keywords: ['powershell', 'PowerShell', 'sdk', 'MFAController', 'BetaMFAController'] slug: /tools/sdk/powershell/beta/methods/mfa-controller tags: ['SDK', 'Software Development Kit', 'MFAController', 'BetaMFAController']

MFAController

This API used for multifactor authentication functionality belong to gov-multi-auth service. This controller allow you to verify authentication by specified method

All URIs are relative to https://sailpoint.api.identitynow.com/beta

Method HTTP request Description
New-BetaSendToken POST /mfa/token/send Create and send user token
Ping-BetaVerificationStatus POST /mfa/{method}/poll Polling MFA method by VerificationPollRequest
Send-BetaDuoVerifyRequest POST /mfa/duo-web/verify Verifying authentication via Duo method
Send-BetaKbaAnswers POST /mfa/kba/authenticate Authenticate KBA provided MFA method
Send-BetaOktaVerifyRequest POST /mfa/okta-verify/verify Verifying authentication via Okta method
Send-BetaTokenAuthRequest POST /mfa/token/authenticate Authenticate Token provided MFA method

create-send-token

This API send token request.

Parameters

Param Type Name Data Type Required Description
Body SendTokenRequest SendTokenRequest True

Return type

SendTokenResponse

Responses

Code Description Data Type
200 Token send status. SendTokenResponse
400 Client Error - Returned if the request body is invalid. ErrorResponseDto
401 Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. ListAccessModelMetadataAttribute401Response
403 Forbidden - Returned if the user you are running as, doesn't have access to this end-point. ErrorResponseDto
429 Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. ListAccessModelMetadataAttribute429Response
500 Internal Server Error - Returned if there is an unexpected error. ErrorResponseDto

HTTP request headers

  • Content-Type: application/json
  • Accept: application/json

Example

$SendTokenRequest = @"{
  "userAlias" : "will.albin",
  "deliveryType" : "EMAIL_WORK"
}"@

# Create and send user token

try {
    $Result = ConvertFrom-JsonToSendTokenRequest -Json $SendTokenRequest
    New-BetaSendToken-BetaSendTokenRequest $Result
    
    # Below is a request that includes all optional parameters
    # New-BetaSendToken -BetaSendTokenRequest $SendTokenRequest  
} catch {
    Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling New-BetaSendToken"
    Write-Host $_.ErrorDetails
}

[Back to top]

ping-verification-status

This API poll the VerificationPollRequest for the specified MFA method.

Parameters

Param Type Name Data Type Required Description
Path Method String True The name of the MFA method. The currently supported method names are 'okta-verify', 'duo-web', 'kba','token', 'rsa'
Body VerificationPollRequest VerificationPollRequest True

Return type

VerificationResponse

Responses

Code Description Data Type
200 MFA VerificationPollRequest status an MFA method. VerificationResponse
400 Client Error - Returned if the request body is invalid. ErrorResponseDto
401 Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. ListAccessModelMetadataAttribute401Response
403 Forbidden - Returned if the user you are running as, doesn't have access to this end-point. ErrorResponseDto
429 Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. ListAccessModelMetadataAttribute429Response
500 Internal Server Error - Returned if there is an unexpected error. ErrorResponseDto

HTTP request headers

  • Content-Type: application/json
  • Accept: application/json

Example

$Method = "okta-verify" # String | The name of the MFA method. The currently supported method names are 'okta-verify', 'duo-web', 'kba','token', 'rsa'
$VerificationPollRequest = @"{
  "requestId" : "089899f13a8f4da7824996191587bab9"
}"@

# Polling MFA method by VerificationPollRequest

try {
    $Result = ConvertFrom-JsonToVerificationPollRequest -Json $VerificationPollRequest
    Ping-BetaVerificationStatus-BetaMethod $Method -BetaVerificationPollRequest $Result
    
    # Below is a request that includes all optional parameters
    # Ping-BetaVerificationStatus -BetaMethod $Method -BetaVerificationPollRequest $VerificationPollRequest  
} catch {
    Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Ping-BetaVerificationStatus"
    Write-Host $_.ErrorDetails
}

[Back to top]

send-duo-verify-request

This API Authenticates the user via Duo-Web MFA method.

Parameters

Param Type Name Data Type Required Description
Body DuoVerificationRequest DuoVerificationRequest True

Return type

VerificationResponse

Responses

Code Description Data Type
200 The status of verification request. VerificationResponse
400 Client Error - Returned if the request body is invalid. ErrorResponseDto
401 Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. ListAccessModelMetadataAttribute401Response
403 Forbidden - Returned if the user you are running as, doesn't have access to this end-point. ErrorResponseDto
429 Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. ListAccessModelMetadataAttribute429Response
500 Internal Server Error - Returned if there is an unexpected error. ErrorResponseDto

HTTP request headers

  • Content-Type: application/json
  • Accept: application/json

Example

$DuoVerificationRequest = @"{
  "signedResponse" : "AUTH|d2lsbC5hbGJpbnxESTZNMFpHSThKQVRWTVpZN0M5VXwxNzAxMjUzMDg5|f1f5f8ced5b340f3d303b05d0efa0e43b6a8f970:APP|d2lsbC5hbGJpbnxESTZNMFpHSThKQVRWTVpZN0M5VXwxNzAxMjU2NjE5|cb44cf44353f5127edcae31b1da0355f87357db2",
  "userId" : "2c9180947f0ef465017f215cbcfd004b"
}"@

# Verifying authentication via Duo method

try {
    $Result = ConvertFrom-JsonToDuoVerificationRequest -Json $DuoVerificationRequest
    Send-BetaDuoVerifyRequest-BetaDuoVerificationRequest $Result
    
    # Below is a request that includes all optional parameters
    # Send-BetaDuoVerifyRequest -BetaDuoVerificationRequest $DuoVerificationRequest  
} catch {
    Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Send-BetaDuoVerifyRequest"
    Write-Host $_.ErrorDetails
}

[Back to top]

send-kba-answers

This API Authenticate user in KBA MFA method.

Parameters

Param Type Name Data Type Required Description
Body KbaAnswerRequestItem []KbaAnswerRequestItem True

Return type

KbaAuthResponse

Responses

Code Description Data Type
200 KBA authenticated status. KbaAuthResponse
400 Client Error - Returned if the request body is invalid. ErrorResponseDto
401 Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. ListAccessModelMetadataAttribute401Response
403 Forbidden - Returned if the user you are running as, doesn't have access to this end-point. ErrorResponseDto
429 Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. ListAccessModelMetadataAttribute429Response
500 Internal Server Error - Returned if there is an unexpected error. ErrorResponseDto

HTTP request headers

  • Content-Type: application/json
  • Accept: application/json

Example

 $KbaAnswerRequestItem = @"{
  "answer" : "Your answer",
  "id" : "c54fee53-2d63-4fc5-9259-3e93b9994135"
}"@ # KbaAnswerRequestItem[] | 
 

# Authenticate KBA provided MFA method

try {
    $Result = ConvertFrom-JsonToKbaAnswerRequestItem -Json $KbaAnswerRequestItem
    Send-BetaKbaAnswers-BetaKbaAnswerRequestItem $Result
    
    # Below is a request that includes all optional parameters
    # Send-BetaKbaAnswers -BetaKbaAnswerRequestItem $KbaAnswerRequestItem  
} catch {
    Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Send-BetaKbaAnswers"
    Write-Host $_.ErrorDetails
}

[Back to top]

send-okta-verify-request

This API Authenticates the user via Okta-Verify MFA method. Request requires a header called 'slpt-forwarding', and it must contain a remote IP Address of caller.

Parameters

Param Type Name Data Type Required Description
Body OktaVerificationRequest OktaVerificationRequest True

Return type

VerificationResponse

Responses

Code Description Data Type
200 The status of verification request. VerificationResponse
400 Client Error - Returned if the request body is invalid. ErrorResponseDto
401 Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. ListAccessModelMetadataAttribute401Response
403 Forbidden - Returned if the user you are running as, doesn't have access to this end-point. ErrorResponseDto
429 Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. ListAccessModelMetadataAttribute429Response
500 Internal Server Error - Returned if there is an unexpected error. ErrorResponseDto

HTTP request headers

  • Content-Type: application/json
  • Accept: application/json

Example

$OktaVerificationRequest = @"{
  "userId" : "example@mail.com"
}"@

# Verifying authentication via Okta method

try {
    $Result = ConvertFrom-JsonToOktaVerificationRequest -Json $OktaVerificationRequest
    Send-BetaOktaVerifyRequest-BetaOktaVerificationRequest $Result
    
    # Below is a request that includes all optional parameters
    # Send-BetaOktaVerifyRequest -BetaOktaVerificationRequest $OktaVerificationRequest  
} catch {
    Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Send-BetaOktaVerifyRequest"
    Write-Host $_.ErrorDetails
}

[Back to top]

send-token-auth-request

This API Authenticate user in Token MFA method.

Parameters

Param Type Name Data Type Required Description
Body TokenAuthRequest TokenAuthRequest True

Return type

TokenAuthResponse

Responses

Code Description Data Type
200 Token authenticated status. TokenAuthResponse
400 Client Error - Returned if the request body is invalid. ErrorResponseDto
401 Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. ListAccessModelMetadataAttribute401Response
403 Forbidden - Returned if the user you are running as, doesn't have access to this end-point. ErrorResponseDto
429 Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. ListAccessModelMetadataAttribute429Response
500 Internal Server Error - Returned if there is an unexpected error. ErrorResponseDto

HTTP request headers

  • Content-Type: application/json
  • Accept: application/json

Example

$TokenAuthRequest = @"{
  "userAlias" : "will.albin",
  "deliveryType" : "EMAIL_WORK",
  "token" : "12345"
}"@

# Authenticate Token provided MFA method

try {
    $Result = ConvertFrom-JsonToTokenAuthRequest -Json $TokenAuthRequest
    Send-BetaTokenAuthRequest-BetaTokenAuthRequest $Result
    
    # Below is a request that includes all optional parameters
    # Send-BetaTokenAuthRequest -BetaTokenAuthRequest $TokenAuthRequest  
} catch {
    Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Send-BetaTokenAuthRequest"
    Write-Host $_.ErrorDetails
}

[Back to top]