Skip to content
ConductorOne Docs
  • Auto
  • Light
  • Dark
Get Started

Step Up

Step Up

Step Up

Get
client.StepUp.GetTransaction(ctx, id) (*TransactionStepUpTransactionStepUpGetTransactionResponse, error)
get/api/v1/step-up/transactions/{id}
Step Up Transaction
StepUpTransactionstruct

StepUpTransaction represents a record of a step-up authentication attempt

This message contains a oneof named target. Only a single field of the following list may be set at a time:

  • approveTask
  • test
ShowShow
IDstring
optional

Unique identifier for the transaction

ApproveTaskPolicyStepIDstringTaskIDstringStepUpTransactionApproveTask
optional

Target for approving a task

Hide ParametersShow Parameters
PolicyStepIDstring
optional

ID of the policy step requiring step-up authentication

TaskIDstring
optional

ID of the task being approved

Claimsmap
optional
map[string, any]
CreatedAtTime
optional
formatdate-time
ErrorMessagestring
optional

Error message if the transaction failed

ExpiresAtTime
optional
formatdate-time
ProviderIDstring
optional

ID of the provider used for this step-up authentication

StateStepUpTransactionStateStepUpTransactionStateUnspecifiedStepUpTransactionStateStepUpTransactionStateStepUpTransactionStatePendingStepUpTransactionStateStepUpTransactionStateStepUpTransactionStateVerifiedStepUpTransactionStateStepUpTransactionStateStepUpTransactionStateErrorStepUpTransactionStateStepUpTransactionState
optional

Current state of the transaction

Hide ParametersShow Parameters
StepUpTransactionStateStepUpTransactionStateUnspecifiedconst
StepUpTransactionStateStepUpTransactionStateUnspecifiedStepUpTransactionStateStepUpTransactionStateStepUpTransactionStatePendingStepUpTransactionStateStepUpTransactionStateStepUpTransactionStateVerifiedStepUpTransactionStateStepUpTransactionStateStepUpTransactionStateErrorStepUpTransactionStateStepUpTransactionState
"STEP_UP_TRANSACTION_STATE_UNSPECIFIED"
StepUpTransactionStateStepUpTransactionStatePendingconst
StepUpTransactionStateStepUpTransactionStateUnspecifiedStepUpTransactionStateStepUpTransactionStateStepUpTransactionStatePendingStepUpTransactionStateStepUpTransactionStateStepUpTransactionStateVerifiedStepUpTransactionStateStepUpTransactionStateStepUpTransactionStateErrorStepUpTransactionStateStepUpTransactionState
"STEP_UP_TRANSACTION_STATE_PENDING"
StepUpTransactionStateStepUpTransactionStateVerifiedconst
StepUpTransactionStateStepUpTransactionStateUnspecifiedStepUpTransactionStateStepUpTransactionStateStepUpTransactionStatePendingStepUpTransactionStateStepUpTransactionStateStepUpTransactionStateVerifiedStepUpTransactionStateStepUpTransactionStateStepUpTransactionStateErrorStepUpTransactionStateStepUpTransactionState
"STEP_UP_TRANSACTION_STATE_VERIFIED"
StepUpTransactionStateStepUpTransactionStateErrorconst
StepUpTransactionStateStepUpTransactionStateUnspecifiedStepUpTransactionStateStepUpTransactionStateStepUpTransactionStatePendingStepUpTransactionStateStepUpTransactionStateStepUpTransactionStateVerifiedStepUpTransactionStateStepUpTransactionStateStepUpTransactionStateErrorStepUpTransactionStateStepUpTransactionState
"STEP_UP_TRANSACTION_STATE_ERROR"
Testany
optional

Target for testing a provider

UpdatedAtTime
optional
formatdate-time
UserIDstring
optional

ID of the user who performed the step-up authentication

Step UpProviders

Create
client.StepUp.Providers.New(ctx, body) (*StepUpProviderStepUpProviderStepUpProviderNewResponse, error)
post/api/v1/step-up/providers
Get
client.StepUp.Providers.Get(ctx, id) (*StepUpProviderStepUpProviderStepUpProviderGetResponse, error)
get/api/v1/step-up/providers/{id}
Update
client.StepUp.Providers.Update(ctx, id, body) (*StepUpProviderStepUpProviderStepUpProviderUpdateResponse, error)
post/api/v1/step-up/providers/{id}
List
client.StepUp.Providers.List(ctx) (*ListarrayNextPageTokenstringStepUpProviderListResponse, error)
get/api/v1/step-up/providers
Delete
client.StepUp.Providers.Delete(ctx, id, body) (*StepUpProviderDeleteResponse, error)
delete/api/v1/step-up/providers/{id}
Test
client.StepUp.Providers.Test(ctx, id, body) (*RedirectURLstringStepUpProviderTestResponse, error)
post/api/v1/step-up/providers/{id}/test
Update Secret
client.StepUp.Providers.UpdateSecret(ctx, id, body) (*StepUpProviderStepUpProviderStepUpProviderUpdateSecretResponse, error)
post/api/v1/step-up/providers/{id}/secret
Step Up Microsoft Settings
StepUpMicrosoftSettingsstruct

StepUpMicrosoftSettings represents a Microsoft Entra Provider using Conditional Access Policies to enforce step-up authentication.

ShowShow
ConditionalAccessIDsarray
optional
[]string

The conditionalAccessIds field.

Tenantstring
optional

The tenant field.

Step Up Oauth2 Settings
StepUpOauth2Settingsstruct

StepUpOAuth2Settings repersents an OAuth2 provider that supports RFC 9470 https://www.rfc-editor.org/rfc/rfc9470

Common ACR values for OAuth2 providers include:

  • "urn:okta:loa:1fa:any" (okta)
  • "urn:okta:loa:1fa:pwd" (okta)
  • "urn:okta:loa:2fa:any" (okta)
  • "urn:okta:loa:2fa:any:ifpossible" (okta)
  • "phr" (okta)
  • "phrh" (okta)
ShowShow
AcrValuesarray
optional
[]string

The acrValues field.

Step Up Provider
StepUpProviderstruct

The StepUpProvider message.

This message contains a oneof named settings. Only a single field of the following list may be set at a time:

  • oauth2
  • microsoft
ShowShow
IDstring
optional

The id field.

ClientIDstring
optional

The clientId field.

CreatedAtTime
optional
formatdate-time
DisplayNamestring
optional

The displayName field.

Enabledbool
optional

The enabled field.

IssuerURLstring
optional

The issuerUrl field.

LastTestedAtTime
optional
formatdate-time
MicrosoftConditionalAccessIDsarrayTenantstringStepUpMicrosoftSettings
optional

StepUpMicrosoftSettings represents a Microsoft Entra Provider using Conditional Access Policies to enforce step-up authentication.

Oauth2AcrValuesarrayStepUpOauth2Settings
optional

StepUpOAuth2Settings repersents an OAuth2 provider that supports RFC 9470 https://www.rfc-editor.org/rfc/rfc9470

Common ACR values for OAuth2 providers include:

  • "urn:okta:loa:1fa:any" (okta)
  • "urn:okta:loa:1fa:pwd" (okta)
  • "urn:okta:loa:2fa:any" (okta)
  • "urn:okta:loa:2fa:any:ifpossible" (okta)
  • "phr" (okta)
  • "phrh" (okta)
UpdatedAtTime
optional
formatdate-time