Skip to content
ConductorOne Docs
  • Auto
  • Light
  • Dark
Get Started

Step Up

Step Up

Step Up

Get
get/api/v1/step-up/transactions/{id}
Step Up Transaction
StepUpTransactionobject

StepUpTransaction represents a record of a step-up authentication attempt

This message contains a oneof named target. Only a single field of the following list may be set at a time:

  • approveTask
  • test
ShowShow
idstring
optional

Unique identifier for the transaction

approveTaskobject
optional

Target for approving a task

Hide ParametersShow Parameters
policyStepIdstring
optional

ID of the policy step requiring step-up authentication

taskIdstring
optional

ID of the task being approved

claimsmap
optional
createdAtstring
optional
formatdate-time
errorMessagestring
optional

Error message if the transaction failed

expiresAtstring
optional
formatdate-time
providerIdstring
optional

ID of the provider used for this step-up authentication

stateenum
optional
"STEP_UP_TRANSACTION_STATE_UNSPECIFIED" OR "STEP_UP_TRANSACTION_STATE_PENDING" OR "STEP_UP_TRANSACTION_STATE_VERIFIED" OR "STEP_UP_TRANSACTION_STATE_ERROR"

Current state of the transaction

Hide ParametersShow Parameters
"STEP_UP_TRANSACTION_STATE_UNSPECIFIED"
"STEP_UP_TRANSACTION_STATE_PENDING"
"STEP_UP_TRANSACTION_STATE_VERIFIED"
"STEP_UP_TRANSACTION_STATE_ERROR"
testunknown
optional

Target for testing a provider

updatedAtstring
optional
formatdate-time
userIdstring
optional

ID of the user who performed the step-up authentication

Step UpProviders

Create
post/api/v1/step-up/providers
Get
get/api/v1/step-up/providers/{id}
Update
post/api/v1/step-up/providers/{id}
List
get/api/v1/step-up/providers
Delete
delete/api/v1/step-up/providers/{id}
Test
post/api/v1/step-up/providers/{id}/test
Update Secret
post/api/v1/step-up/providers/{id}/secret
Step Up Microsoft Settings
StepUpMicrosoftSettingsobject

StepUpMicrosoftSettings represents a Microsoft Entra Provider using Conditional Access Policies to enforce step-up authentication.

ShowShow
conditionalAccessIdsarray of string
optional

The conditionalAccessIds field.

tenantstring
optional

The tenant field.

Step Up Oauth2 Settings
StepUpOauth2Settingsobject

StepUpOAuth2Settings repersents an OAuth2 provider that supports RFC 9470 https://www.rfc-editor.org/rfc/rfc9470

Common ACR values for OAuth2 providers include:

  • "urn:okta:loa:1fa:any" (okta)
  • "urn:okta:loa:1fa:pwd" (okta)
  • "urn:okta:loa:2fa:any" (okta)
  • "urn:okta:loa:2fa:any:ifpossible" (okta)
  • "phr" (okta)
  • "phrh" (okta)
ShowShow
acrValuesarray of string
optional

The acrValues field.

Step Up Provider
StepUpProviderobject

The StepUpProvider message.

This message contains a oneof named settings. Only a single field of the following list may be set at a time:

  • oauth2
  • microsoft
ShowShow
idstring
optional

The id field.

clientIdstring
optional

The clientId field.

createdAtstring
optional
formatdate-time
displayNamestring
optional

The displayName field.

enabledboolean
optional

The enabled field.

issuerUrlstring
optional

The issuerUrl field.

lastTestedAtstring
optional
formatdate-time
microsoftconditionalAccessIdsarray of stringtenantstringStepUpMicrosoftSettings
optional

StepUpMicrosoftSettings represents a Microsoft Entra Provider using Conditional Access Policies to enforce step-up authentication.

oauth2acrValuesarray of stringStepUpOauth2Settings
optional

StepUpOAuth2Settings repersents an OAuth2 provider that supports RFC 9470 https://www.rfc-editor.org/rfc/rfc9470

Common ACR values for OAuth2 providers include:

  • "urn:okta:loa:1fa:any" (okta)
  • "urn:okta:loa:1fa:pwd" (okta)
  • "urn:okta:loa:2fa:any" (okta)
  • "urn:okta:loa:2fa:any:ifpossible" (okta)
  • "phr" (okta)
  • "phrh" (okta)
updatedAtstring
optional
formatdate-time