Change Default MFA Factor or Un-Enroll in MFA
/mfa/v1/users/{userGUID}
Request
- application/json
- userGUID: string
  Unique identifier for User
- Authorization: string
  Provide a valid OAuth Access Token that has the 'MFA Client' scope.
object
- disableMFA (optional): string
  This attribute indicates that the user wants to disable MFA on their profile. This removes all enrolled factors from the user's profile. Supported values for this attribute are:
  - true
  - false
- preferredFactorId (optional): string
  This attribute contains the unique identifier of an enrolled factor that the user wants to set as their default MFA factor. For the SECURITY_QUESTIONS method, this attribute should have its value set to 'SecurityQuestions'.
- preferredMethod (optional): string
  This attribute indicates the MFA method that the user wants to set as their default method of authentication. Supported values for this attribute are:
  - SMS
  - PHONE_CALL
  - TOTP
  - PUSH
  - SECURITY_QUESTIONS
  When a user wants to change their default MFA factor, the preferredFactorId attribute must be provided together with this attribute.
Response
200 Response
400 Response
401 Response
404 Response
500 Response
Examples
The following example shows how to change the default factor or un-enroll in MFA by submitting a PATCH request on the REST resource using cURL. For more information about cURL, see Use cURL.
Note:
There is an Oracle Identity Cloud Service Factor Enrollment Postman collection available. Download the collection and example environment with variables from the idcs-factor-enrollment-api folder within GitHub and import them into a REST client.
cURL Command
Note:
The command in this example uses the URL structure https://tenant-base-url/resource-path, where tenant-base-url represents the Identity Service URL, and the resource path represents the Identity Service API. See Send Requests for the appropriate URL structure to use.
The following request and response examples are included for this API:
curl \
  -X PATCH \
  -H "Content-Type:application/scim+json" \
  -H "Authorization: Bearer <Access Token Value>" \
  "https://tenant-base-url/mfa/v1/users/{userGUID}"
Example of a Request Body When Changing the Default Factor
The following example shows the contents of the request body in JSON format when a user wants to change their default factor:
{
  "preferredFactorId":"{{factorID}}",
  "preferredMethod":"TOTP/EMAIL/PUSH/SMS"
}
Example of a Response Body When Changing the Default Factor
The following example shows the contents of the response body in JSON format when a user wants to change their default factor:
{
  "status": "success"
}
Example of a Request Body When Un-Enrolling in MFA
The following example shows the contents of the request body in JSON format when a user wants to un-enroll in MFA:
{
  "disableMFA": true
}
Example of a Response Body When Un-Enrolling in MFA
The following example shows the contents of the response body in JSON format when a user wants to un-enroll in MFA:
{
  "status": "success"
}
Error Response Examples
The following example shows the contents of the response body in JSON format when the userGUID is invalid:
{
  "status": "failed",
  "ecId": "0d1QwglU0000Fy",
  "cause": [
    {
      "code": "AUTH-3018",
      "message": "User not found."
    }
  ]
}
The following example shows the contents of the response body in JSON format when the user isn't enrolled in MFA:
{
  "status": "failed",
  "ecId": "0000Mif1RDW2800000J",
  "cause": [
    {
      "code": "AUTH-1131",
      "message": "The user is not authorized to perform this action, since has not enrolled for any MFA factors."
    }
  ]
}
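Client-Side Validation Example
The following Python is an added example, not part of the original documentation or of Oracle's code. It checks a request body against the attribute rules described above before anything is sent, builds the PATCH request without sending it, and parses the success and error response bodies. The function names (build_body, build_request, parse_response) and the rule that disableMFA is never combined with a factor change are assumptions made for this illustration.

```python
import json
from urllib.parse import quote
from urllib.request import Request

# Supported preferredMethod values as listed in the request description above.
METHODS = {"SMS", "PHONE_CALL", "TOTP", "PUSH", "SECURITY_QUESTIONS"}


def build_body(preferred_method=None, preferred_factor_id=None, disable_mfa=False):
    """Return a validated JSON body for PATCH /mfa/v1/users/{userGUID}."""
    if disable_mfa:
        # disableMFA removes all enrolled factors. Assumption (local policy):
        # never combine it with a factor change in the same request.
        if preferred_method or preferred_factor_id:
            raise ValueError("disableMFA must be sent on its own")
        return {"disableMFA": True}  # boolean, as in the page's request body example
    if preferred_method not in METHODS:
        raise ValueError(f"unsupported preferredMethod: {preferred_method!r}")
    if not preferred_factor_id:
        raise ValueError("preferredMethod also requires preferredFactorId")
    if preferred_method == "SECURITY_QUESTIONS" and preferred_factor_id != "SecurityQuestions":
        raise ValueError("SECURITY_QUESTIONS requires preferredFactorId 'SecurityQuestions'")
    return {"preferredFactorId": preferred_factor_id, "preferredMethod": preferred_method}


def build_request(base_url, user_guid, access_token, body):
    """Build (but do not send) the PATCH request; urllib.request.urlopen would send it."""
    if not base_url.startswith("https://"):
        raise ValueError("the bearer token must only be sent over HTTPS")
    # Percent-encode the GUID so a crafted value cannot change the resource path.
    url = f"{base_url.rstrip('/')}/mfa/v1/users/{quote(user_guid, safe='')}"
    headers = {
        "Content-Type": "application/scim+json",  # as in the page's cURL command
        "Authorization": f"Bearer {access_token}",
    }
    return Request(url, data=json.dumps(body).encode(), headers=headers, method="PATCH")


def parse_response(text):
    """Return (ok, [(code, message), ...], ecId) from a response body."""
    doc = json.loads(text)
    if doc.get("status") == "success":
        return True, [], None
    causes = [(c.get("code"), c.get("message")) for c in doc.get("cause", [])]
    return False, causes, doc.get("ecId")
```

Logging the ecId and cause codes returned by parse_response for every disableMFA request gives an audit trail for un-enrollment attempts.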