Qodex.ai

Create an MFA Transaction Approval using SMS

Number of APIs: 19

This activity shows you how to create a transaction approval MFA authentication flow using a request token to encode the request parameters in a signed JWT.

The following operations are supported by the PingOne APIs:

  • Create an application
  • Create a sign-on policy
  • Create an SMS sign-on policy action
  • Create a device authentication policy
  • Create a user
  • Initiate an authorize request using a request token and a login_hint_token
  • Use the OTP check API to complete the MFA action

Prerequisites

Get an access token from the worker application that you created in Getting Started with the PingOne APIs. To get a token from a different worker application in an alternate sandbox environment, run the token request endpoint using the client ID and client secret of your chosen worker app to authenticate the request. For more information, see GET a Worker Application Access Token.

Workflow order of operations

To complete a transaction approval MFA authentication flow, the following tasks must be completed successfully:

  1. Make a POST request to /environments/{{envID}}/applications to add a new application to the specified environment.

  2. Make a GET request to /environments/{{envID}}/applications/{{appID}}/secret to return the new application's secret attribute, which is needed for the token request.

  3. Make a GET request to /environments/{{envID}}/resources to return a list of all resource entities associated with the specified environment.

  4. Make a GET request to /environments/{{envID}}/resources/{{resourceID}}/scopes to list all scopes associated with a specified resource.

  5. Make a POST request to /environments/{{envID}}/applications/{{appID}}/grants to create a new resource access grant for the application.

  6. Make a POST request to /environments/{{envID}}/signOnPolicies to create a new sign-on policy.

  7. Make a POST request to /environments/{{envID}}/signOnPolicies/{{signOnPolicyID}}/actions to define the SMS MFA action associated with this sign-on policy.

  8. Make a POST request to /environments/{{envID}}/applications/{{appID}}/signOnPolicyAssignments to associate the sign-on policy with the application.

  9. Make a POST request to /environments/{{envID}}/templates/transaction/contents to create a transaction notification template.

  10. Make a POST request to /environments/{{envID}}/populations to create a new population resource.

  11. Make a POST request to /environments/{{envID}}/users to create a user who will be assigned to the new population resource.

  12. Make a POST request to /environments/{{envID}}/users/{{userID}}/password to set the new user's password.

  13. Make a POST request to /environments/{{envID}}/users/{{userID}}/mfaEnabled to enable MFA actions for this user.

  14. Make a POST request to /environments/{{envID}}/deviceAuthenticationPolicies to create the device authentication policy.

  15. Make a POST request to /environments/{{envID}}/users/{{userID}}/devices to associate an SMS MFA device with this user.

  16. Make a POST request to /{{envID}}/as/authorize to obtain an authorization grant. This request starts the authorization flow.

  17. To complete the SMS MFA action, make a POST request to GET /{{envID}}/flows/{{flowID}} and provide the one-time passcode.

  18. Make a GET request to /{{envID}}/as/resume?flowId={{flowID}} to call the resume endpoint and return the auth code.

  19. Make a POST request to /{{envID}}/as/token to exchange the auth code for an access token.

  1. Step 7: Create an SMS MFA sign-on policy action POST {{apiPath}}/environments/{{envID}}/signOnPolicies/{{mfaSignonPolicyID}}/actions

  2. Step 8: Assign the sign-on policy to the web application POST {{apiPath}}/environments/{{envID}}/applications/{{webApp4MfaId}}/signOnPolicyAssignments

  3. Step 4: Get all OIDC Scopes GET {{apiPath}}/environments/{{envID}}/resources/{{openidResourceID}}/scopes

  4. Step 1: Create a web application POST {{apiPath}}/environments/{{envID}}/applications

  5. Step 2: Get the application secret GET {{apiPath}}/environments/{{envID}}/applications/{{webApp4MfaId}}/secret

  6. Step 3: Get all resources GET {{apiPath}}/environments/{{envID}}/resources

  7. Step 5: Assign a resource grant to the web application POST {{apiPath}}/environments/{{envID}}/applications/{{webApp4MfaId}}/grants

  8. Step 9: Create a transaction SMS template POST {{apiPath}}/environments/{{envID}}/templates/transaction/contents

  9. Step 11: Create user POST {{apiPath}}/environments/{{envID}}/users

  10. Step 12: Set user password PUT {{apiPath}}/environments/{{envID}}/users/{{MFAUserID}}/password