Okta · Capability

Okta API — UserFactor

Okta API — UserFactor. 9 operations. Lead operation: Okta Enroll Factor. Self-contained Naftiko capability covering one Okta business surface.

Run with Naftiko OktaUserFactor

What You Can Do

GET
Listfactors — Enumerates all the enrolled factors for the specified user
/v1/api/v1/users/{userid}/factors
POST
Enrollfactor — Okta Enroll Factor
/v1/api/v1/users/{userid}/factors
GET
Listsupportedfactors — Enumerates all the supported factors that can be enrolled for the specified user
/v1/api/v1/users/{userid}/factors/catalog
GET
Listsupportedsecurityquestions — Enumerates all available security questions for a user's `question` factor
/v1/api/v1/users/{userid}/factors/questions
GET
Getfactor — Fetches a factor for the specified user
/v1/api/v1/users/{userid}/factors/{factorid}
DELETE
Deletefactor — Unenrolls an existing factor for the specified user, allowing the user to enroll a new factor.
/v1/api/v1/users/{userid}/factors/{factorid}
POST
Activatefactor — Okta Activate Factor
/v1/api/v1/users/{userid}/factors/{factorid}/lifecycle/activate
GET
Getfactortransactionstatus — Polls factors verification transaction for status.
/v1/api/v1/users/{userid}/factors/{factorid}/transactions/{transactionid}
POST
Verifyfactor — Okta Verify MFA Factor
/v1/api/v1/users/{userid}/factors/{factorid}/verify

MCP Tools

enumerates-all-enrolled-factors-specified

Enumerates all the enrolled factors for the specified user

read-only idempotent
okta-enroll-factor

Okta Enroll Factor

enumerates-all-supported-factors-that

Enumerates all the supported factors that can be enrolled for the specified user

read-only idempotent
enumerates-all-available-security-questions

Enumerates all available security questions for a user's `question` factor

read-only idempotent
fetches-factor-specified-user

Fetches a factor for the specified user

read-only idempotent
unenrolls-existing-factor-specified-user

Unenrolls an existing factor for the specified user, allowing the user to enroll a new factor.

idempotent
okta-activate-factor

Okta Activate Factor

polls-factors-verification-transaction-status

Polls factors verification transaction for status.

read-only idempotent
okta-verify-mfa-factor

Okta Verify MFA Factor

Capability Spec

okta-userfactor.yaml Raw ↑ 
naftiko: 1.0.0-alpha2
info:
  label: Okta API — UserFactor
  description: 'Okta API — UserFactor. 9 operations. Lead operation: Okta Enroll Factor. Self-contained Naftiko capability
    covering one Okta business surface.'
  tags:
  - Okta
  - UserFactor
  created: '2026-05-19'
  modified: '2026-05-19'
binds:
- namespace: env
  keys:
    OKTA_API_KEY: OKTA_API_KEY
capability:
  consumes:
  - type: http
    namespace: okta-userfactor
    baseUri: https://your-subdomain.okta.com
    description: Okta API — UserFactor business capability. Self-contained, no shared references.
    resources:
    - name: api-v1-users-userId-factors
      path: /api/v1/users/{userId}/factors
      operations:
      - name: listfactors
        method: GET
        description: Enumerates all the enrolled factors for the specified user
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: userId
          in: path
          type: string
          required: true
      - name: enrollfactor
        method: POST
        description: Okta Enroll Factor
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: userId
          in: path
          type: string
          required: true
        - name: updatePhone
          in: query
          type: boolean
        - name: templateId
          in: query
          type: string
          description: id of SMS template (only for SMS factor)
        - name: tokenLifetimeSeconds
          in: query
          type: integer
        - name: activate
          in: query
          type: boolean
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: api-v1-users-userId-factors-catalog
      path: /api/v1/users/{userId}/factors/catalog
      operations:
      - name: listsupportedfactors
        method: GET
        description: Enumerates all the supported factors that can be enrolled for the specified user
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: userId
          in: path
          type: string
          required: true
    - name: api-v1-users-userId-factors-questions
      path: /api/v1/users/{userId}/factors/questions
      operations:
      - name: listsupportedsecurityquestions
        method: GET
        description: Enumerates all available security questions for a user's `question` factor
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: userId
          in: path
          type: string
          required: true
    - name: api-v1-users-userId-factors-factorId
      path: /api/v1/users/{userId}/factors/{factorId}
      operations:
      - name: getfactor
        method: GET
        description: Fetches a factor for the specified user
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: userId
          in: path
          type: string
          required: true
        - name: factorId
          in: path
          type: string
          required: true
      - name: deletefactor
        method: DELETE
        description: Unenrolls an existing factor for the specified user, allowing the user to enroll a new factor.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: userId
          in: path
          type: string
          required: true
        - name: factorId
          in: path
          type: string
          required: true
    - name: api-v1-users-userId-factors-factorId-lifecycle-activate
      path: /api/v1/users/{userId}/factors/{factorId}/lifecycle/activate
      operations:
      - name: activatefactor
        method: POST
        description: Okta Activate Factor
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: userId
          in: path
          type: string
          required: true
        - name: factorId
          in: path
          type: string
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
    - name: api-v1-users-userId-factors-factorId-transactions-transactionId
      path: /api/v1/users/{userId}/factors/{factorId}/transactions/{transactionId}
      operations:
      - name: getfactortransactionstatus
        method: GET
        description: Polls factors verification transaction for status.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: userId
          in: path
          type: string
          required: true
        - name: factorId
          in: path
          type: string
          required: true
        - name: transactionId
          in: path
          type: string
          required: true
    - name: api-v1-users-userId-factors-factorId-verify
      path: /api/v1/users/{userId}/factors/{factorId}/verify
      operations:
      - name: verifyfactor
        method: POST
        description: Okta Verify MFA Factor
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: userId
          in: path
          type: string
          required: true
        - name: factorId
          in: path
          type: string
          required: true
        - name: templateId
          in: query
          type: string
        - name: tokenLifetimeSeconds
          in: query
          type: integer
        - name: X-Forwarded-For
          in: header
          type: string
        - name: User-Agent
          in: header
          type: string
        - name: Accept-Language
          in: header
          type: string
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
    authentication:
      type: apikey
      key: Authorization
      value: '{{env.OKTA_API_KEY}}'
      placement: header
  exposes:
  - type: rest
    namespace: okta-userfactor-rest
    port: 8080
    description: REST adapter for Okta API — UserFactor. One Spectral-compliant resource per consumed operation, prefixed
      with /v1.
    resources:
    - path: /v1/api/v1/users/{userid}/factors
      name: api-v1-users-userid-factors
      description: REST surface for api-v1-users-userId-factors.
      operations:
      - method: GET
        name: listfactors
        description: Enumerates all the enrolled factors for the specified user
        call: okta-userfactor.listfactors
        with:
          userId: rest.userId
        outputParameters:
        - type: object
          mapping: $.
      - method: POST
        name: enrollfactor
        description: Okta Enroll Factor
        call: okta-userfactor.enrollfactor
        with:
          userId: rest.userId
          updatePhone: rest.updatePhone
          templateId: rest.templateId
          tokenLifetimeSeconds: rest.tokenLifetimeSeconds
          activate: rest.activate
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/v1/users/{userid}/factors/catalog
      name: api-v1-users-userid-factors-catalog
      description: REST surface for api-v1-users-userId-factors-catalog.
      operations:
      - method: GET
        name: listsupportedfactors
        description: Enumerates all the supported factors that can be enrolled for the specified user
        call: okta-userfactor.listsupportedfactors
        with:
          userId: rest.userId
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/v1/users/{userid}/factors/questions
      name: api-v1-users-userid-factors-questions
      description: REST surface for api-v1-users-userId-factors-questions.
      operations:
      - method: GET
        name: listsupportedsecurityquestions
        description: Enumerates all available security questions for a user's `question` factor
        call: okta-userfactor.listsupportedsecurityquestions
        with:
          userId: rest.userId
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/v1/users/{userid}/factors/{factorid}
      name: api-v1-users-userid-factors-factorid
      description: REST surface for api-v1-users-userId-factors-factorId.
      operations:
      - method: GET
        name: getfactor
        description: Fetches a factor for the specified user
        call: okta-userfactor.getfactor
        with:
          userId: rest.userId
          factorId: rest.factorId
        outputParameters:
        - type: object
          mapping: $.
      - method: DELETE
        name: deletefactor
        description: Unenrolls an existing factor for the specified user, allowing the user to enroll a new factor.
        call: okta-userfactor.deletefactor
        with:
          userId: rest.userId
          factorId: rest.factorId
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/v1/users/{userid}/factors/{factorid}/lifecycle/activate
      name: api-v1-users-userid-factors-factorid-lifecycle-activate
      description: REST surface for api-v1-users-userId-factors-factorId-lifecycle-activate.
      operations:
      - method: POST
        name: activatefactor
        description: Okta Activate Factor
        call: okta-userfactor.activatefactor
        with:
          userId: rest.userId
          factorId: rest.factorId
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/v1/users/{userid}/factors/{factorid}/transactions/{transactionid}
      name: api-v1-users-userid-factors-factorid-transactions-transactionid
      description: REST surface for api-v1-users-userId-factors-factorId-transactions-transactionId.
      operations:
      - method: GET
        name: getfactortransactionstatus
        description: Polls factors verification transaction for status.
        call: okta-userfactor.getfactortransactionstatus
        with:
          userId: rest.userId
          factorId: rest.factorId
          transactionId: rest.transactionId
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/v1/users/{userid}/factors/{factorid}/verify
      name: api-v1-users-userid-factors-factorid-verify
      description: REST surface for api-v1-users-userId-factors-factorId-verify.
      operations:
      - method: POST
        name: verifyfactor
        description: Okta Verify MFA Factor
        call: okta-userfactor.verifyfactor
        with:
          userId: rest.userId
          factorId: rest.factorId
          templateId: rest.templateId
          tokenLifetimeSeconds: rest.tokenLifetimeSeconds
          X-Forwarded-For: rest.X-Forwarded-For
          User-Agent: rest.User-Agent
          Accept-Language: rest.Accept-Language
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    namespace: okta-userfactor-mcp
    port: 9090
    transport: http
    description: MCP adapter for Okta API — UserFactor. One tool per consumed operation, routed inline through this capability's
      consumes block.
    tools:
    - name: enumerates-all-enrolled-factors-specified
      description: Enumerates all the enrolled factors for the specified user
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: okta-userfactor.listfactors
      with:
        userId: tools.userId
      outputParameters:
      - type: object
        mapping: $.
    - name: okta-enroll-factor
      description: Okta Enroll Factor
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: okta-userfactor.enrollfactor
      with:
        userId: tools.userId
        updatePhone: tools.updatePhone
        templateId: tools.templateId
        tokenLifetimeSeconds: tools.tokenLifetimeSeconds
        activate: tools.activate
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: enumerates-all-supported-factors-that
      description: Enumerates all the supported factors that can be enrolled for the specified user
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: okta-userfactor.listsupportedfactors
      with:
        userId: tools.userId
      outputParameters:
      - type: object
        mapping: $.
    - name: enumerates-all-available-security-questions
      description: Enumerates all available security questions for a user's `question` factor
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: okta-userfactor.listsupportedsecurityquestions
      with:
        userId: tools.userId
      outputParameters:
      - type: object
        mapping: $.
    - name: fetches-factor-specified-user
      description: Fetches a factor for the specified user
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: okta-userfactor.getfactor
      with:
        userId: tools.userId
        factorId: tools.factorId
      outputParameters:
      - type: object
        mapping: $.
    - name: unenrolls-existing-factor-specified-user
      description: Unenrolls an existing factor for the specified user, allowing the user to enroll a new factor.
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: okta-userfactor.deletefactor
      with:
        userId: tools.userId
        factorId: tools.factorId
      outputParameters:
      - type: object
        mapping: $.
    - name: okta-activate-factor
      description: Okta Activate Factor
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: okta-userfactor.activatefactor
      with:
        userId: tools.userId
        factorId: tools.factorId
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: polls-factors-verification-transaction-status
      description: Polls factors verification transaction for status.
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: okta-userfactor.getfactortransactionstatus
      with:
        userId: tools.userId
        factorId: tools.factorId
        transactionId: tools.transactionId
      outputParameters:
      - type: object
        mapping: $.
    - name: okta-verify-mfa-factor
      description: Okta Verify MFA Factor
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: okta-userfactor.verifyfactor
      with:
        userId: tools.userId
        factorId: tools.factorId
        templateId: tools.templateId
        tokenLifetimeSeconds: tools.tokenLifetimeSeconds
        X-Forwarded-For: tools.X-Forwarded-For
        User-Agent: tools.User-Agent
        Accept-Language: tools.Accept-Language
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.