I'm attempting to use the Okta API in a web application to allow users to activate/deactivate a SMS MFA factor on their accounts. However, I'm running into an issue as detailed below:
First, on a newly created account:
An SMS factor is enrolled via the Enroll Okta SMS Factor API method.
This factor is subsequently activated via the Acivate SMS Factor API method.
Then we deactivate the factor using the Reset Factor API method.
Now I again want to enroll for SMS factor but this time I am not able to receive SMS and OKTA auto activate my SMS factor.
Here issue is auto-activating sms factor.
How to fix this issue. Any lead will be appreciated.
I found a question similar to yours and this answer might help solve your problem: https://stackoverflow.com/a/58975572/10868827
I do not have enough reputation to create a comment for this, sorry!
Related
I have spring boot app which able to notify users via their emails about some events. In mentioned case app is using user email. I need same functionality for telegram - by user nickname or phone number my app have to notify user about event.
How to implement sush simple case?
I have already worked on a very large scale project. One of the requirements was to send notifications through various channels, including Telegram Messenger.
You can choose different ways to do this, The solution I can suggest to you is to use the APIs that Telegram itself has to communicate with the core.
I guarantee you that many of your needs will be met through these APIs.
I will share the link that helped me a lot before, I hope I could have helped you.
https://core.telegram.org/api
https://core.telegram.org/api/obtaining_api_id
Our use case demands that we count the number of chat messages a user is receiving in every hour. We don't want to receive or read the body of the chat. This is to ensure that we have a highly trusted and private design to meet privacy and security standards of US/European organizations.
With our research we found two alternatives:
Alternative1:
Get Chat
https://learn.microsoft.com/en-us/graph/api/chat-get?view=graph-rest-1.0&tabs=http
This is ideal for our needs, as the info we need is basic and the permission we seek from Admin is Chat.ReadBasic.All
Though this API needs to get chat ID for the users, for which we need to use List Chat API as well
List Chat
https://learn.microsoft.com/en-us/graph/api/chat-list?view=graph-rest-1.0&tabs=http
The issue with this API is that it does not allow Application level permission, and we are forced to get User's access token to access delegated access to this API - which is not a good security practice.
Alternative2:
**
**
https://learn.microsoft.com/en-us/graph/api/chats-getallmessages?view=graph-rest-1.0&tabs=http
We are able to count the chat messages with the Application level permission without a user level access token. Even though we are receiving the body of the chat messages, we are not reading or saving these.
The issue with this is that we have objections from Teams Admins of US and European companies -- as we do have access to the body of the chat, whether we read or not.
Request your help with
a) Suggest an API similar to List Chat API with Application level permission
b) Suggest an API similar to GetAllMessages API without the chat message body
c) Suggest an alternative we may not have considered
Thanks in advance!
Is there a way to schedule Outlook calendar events from an MS Teams app?
As I understand, Microsoft Graph API would be an option. However, users would need to authenticate twice to use that (once when logging in to Teams, and once to get the token).
Yes, you're correct, on both points. Graph is the best way to go on this, and you would need to authenticate, unfortunately. It's not Teams the user is authenticating to, per se, it's -your app- that's needing to get a token in order to operate on the user's behalf.
For a Bot, your best option is the Signin Card, but for a Tab it's possible to do a "silent" authentication.
#nagy.zsolt.hun, unfortunately there is no other way. You have to implement authentication. Well the Silent authentication can reduce your repetitive login's as #Hilton Giesenow mentioned.
I have already implemented two-factor authentication using the tinfoil gem in Rails. It's using Google Authenticator to display the verification code to the user.
I would also like to implement sending the verification code to the user via SMS. I am wondering what is the best solution for this?
I have also searched around and found free SMS services for Rails like SMS FU and SMS-easy, but it seems like the gems are not active and they don't support a lot of the UK carriers.
So, should I resort to paid service like twilio?
Twilio developer evangelist here.
For something important like two factor authentication, where you need the messages to arrive or your user cannot log in, then I highly recommend a paid service.
StackOverflow is not exactly the right site to be asking for opinions on this sort of thing, it is more for code issues that can be solved. However, if you are interested in using Twilio for this and you find yourself with any questions about the service, you can contact me directly at philnash#twilio.com.
You might used whatsapp or LINE from iOS or Android smartphone.
You need to activate your account but input your phone number at the first time.
And the app will try to send a SMS message to your phone for authentication.
Do you have any suggestion how they achieve this?
As far as I think, there might be some SMS API Service companies to help on that.
If so, do anyone have some suggestions or list for those companies which provide integrated global SMS Service API (via Web API to trigger)
And also if I want to receive SMS message from users, is there any suggested company to help on receiving SMS?
Or is there any better way to achieve similar goals (Sending and Receiving SMS via Web API worldwide)
I know that the company Twilio does it. Check this out http://www.twilio.com/api/sms
What you're talking about is often called as two-factor authorization, mobile verification API, one time password API. We (and me, personally) implemented this as a part of our SMS API.
As a first step, you must generate the code. And after the user received the message and entered it in your UI, you're validating it.