Step Up

Get

client.stepUp.retrieveTransaction(, ?):

get/api/v1/step-up/transactions/{id}

Step Up Transaction

StepUpTransaction

StepUpTransaction represents a record of a step-up authentication attempt

This message contains a oneof named target. Only a single field of the following list may be set at a time:

approveTask
test

ShowShow

idstring

optional

Unique identifier for the transaction

approveTaskunion

optional

| null

Target for approving a task

Hide ParametersShow Parameters

policyStepIdstring

optional

ID of the policy step requiring step-up authentication

taskIdstring

optional

ID of the task being approved

claimsRecord<string, unknown>

optional

createdAtstring

optional

formatdate-time

errorMessagestring

optional

Error message if the transaction failed

expiresAtstring

optional

formatdate-time

providerIdstring

optional

ID of the provider used for this step-up authentication

stateunion

optional

"STEP_UP_TRANSACTION_STATE_UNSPECIFIED" | "STEP_UP_TRANSACTION_STATE_PENDING" | "STEP_UP_TRANSACTION_STATE_VERIFIED" | "STEP_UP_TRANSACTION_STATE_ERROR"

Current state of the transaction

Hide ParametersShow Parameters

"STEP_UP_TRANSACTION_STATE_UNSPECIFIED"

"STEP_UP_TRANSACTION_STATE_PENDING"

"STEP_UP_TRANSACTION_STATE_VERIFIED"

"STEP_UP_TRANSACTION_STATE_ERROR"

testunknown

optional

Target for testing a provider

updatedAtstring

optional

formatdate-time

userIdstring

optional

ID of the user who performed the step-up authentication

Step UpProviders

Create

client.stepUp.providers.create(?, ?):

post/api/v1/step-up/providers

Get

client.stepUp.providers.retrieve(, ?):

get/api/v1/step-up/providers/{id}

Update

client.stepUp.providers.update(, ?, ?):

post/api/v1/step-up/providers/{id}

List

client.stepUp.providers.list(?):

get/api/v1/step-up/providers

Delete

client.stepUp.providers.delete(, ?, ?): ProviderDeleteResponse

delete/api/v1/step-up/providers/{id}

Test

client.stepUp.providers.test(, ?, ?):

post/api/v1/step-up/providers/{id}/test

Update Secret

client.stepUp.providers.updateSecret(, ?, ?):

post/api/v1/step-up/providers/{id}/secret

Step Up Microsoft Settings

StepUpMicrosoftSettings

StepUpMicrosoftSettings represents a Microsoft Entra Provider using Conditional Access Policies to enforce step-up authentication.

ShowShow

conditionalAccessIdsunion

optional

Array<string> | null

The conditionalAccessIds field.

tenantstring

optional

The tenant field.

Step Up Oauth2 Settings

StepUpOauth2Settings

StepUpOAuth2Settings repersents an OAuth2 provider that supports RFC 9470 https://www.rfc-editor.org/rfc/rfc9470

Common ACR values for OAuth2 providers include:

"urn:okta:loa:1fa:any" (okta)
"urn:okta:loa:1fa:pwd" (okta)
"urn:okta:loa:2fa:any" (okta)
"urn:okta:loa:2fa:any:ifpossible" (okta)
"phr" (okta)
"phrh" (okta)

ShowShow

acrValuesunion

optional

Array<string> | null

The acrValues field.

Step Up Provider

StepUpProvider

The StepUpProvider message.

This message contains a oneof named settings. Only a single field of the following list may be set at a time:

oauth2
microsoft

ShowShow

idstring

optional

The id field.

clientIdstring

optional

The clientId field.

createdAtstring

optional

formatdate-time

displayNamestring

optional

The displayName field.

enabledboolean

optional

The enabled field.

issuerUrlstring

optional

The issuerUrl field.

lastTestedAtstring

optional

formatdate-time

microsoftunion

optional

| null

StepUpMicrosoftSettings represents a Microsoft Entra Provider using Conditional Access Policies to enforce step-up authentication.

oauth2union

optional

| null

StepUpOAuth2Settings repersents an OAuth2 provider that supports RFC 9470 https://www.rfc-editor.org/rfc/rfc9470

Common ACR values for OAuth2 providers include:

"urn:okta:loa:1fa:any" (okta)
"urn:okta:loa:1fa:pwd" (okta)
"urn:okta:loa:2fa:any" (okta)
"urn:okta:loa:2fa:any:ifpossible" (okta)
"phr" (okta)
"phrh" (okta)

updatedAtstring

optional

formatdate-time