arazzo: 1.0.1
info:
  title: Okta Enroll and Activate User Factor
  summary: Enroll an MFA factor for a user and activate it with a passcode.
  description: >-
    Sets up multi-factor authentication for a user. The workflow enrolls a
    supported factor for the user and then activates the pending factor using
    a one-time passcode, completing the enrollment so the factor can be used
    for verification. The new factor id is chained from enrollment into
    activation. Every step spells out its request inline, including the SSWS
    API token header, so the flow can be read and executed without opening the
    underlying OpenAPI description.
  version: 1.0.0
sourceDescriptions:
  - name: oktaApi
    url: ../openapi/okta-openapi-original.yml
    type: openapi
workflows:
  - workflowId: enroll-and-activate-factor
    summary: Enroll an MFA factor and activate it with a passcode.
    description: >-
      Enrolls a factor of the supplied type and provider for a user, then
      activates the pending factor with a passcode.
    inputs:
      type: object
      required:
        - oktaApiToken
        - userId
        - factorType
        - provider
        - passCode
      properties:
        oktaApiToken:
          type: string
          description: Okta API token used for the SSWS Authorization header.
        userId:
          type: string
          description: The id of the user to enroll the factor for.
        factorType:
          type: string
          description: The factor type to enroll (e.g. sms, token:software:totp, push).
        provider:
          type: string
          description: The factor provider (e.g. OKTA, GOOGLE).
        passCode:
          type: string
          description: The one-time passcode used to activate the enrolled factor.
    steps:
      - stepId: enrollFactor
        description: >-
          Enroll the user in a supported factor, leaving it in a pending
          activation state.
        operationId: enrollFactor
        parameters:
          # A runtime expression embedded in a longer string must be wrapped
          # in curly braces, otherwise it is sent as literal text.
          - name: Authorization
            in: header
            value: SSWS {$inputs.oktaApiToken}
          - name: userId
            in: path
            value: $inputs.userId
        requestBody:
          contentType: application/json
          payload:
            factorType: $inputs.factorType
            provider: $inputs.provider
        successCriteria:
          - condition: $statusCode == 200
        outputs:
          # The factor id is passed on to the activateFactor step.
          factorId: $response.body#/id
          factorStatus: $response.body#/status
      - stepId: activateFactor
        description: >-
          Activate the pending factor by submitting the user's one-time
          passcode.
        operationId: activateFactor
        parameters:
          - name: Authorization
            in: header
            value: SSWS {$inputs.oktaApiToken}
          - name: userId
            in: path
            value: $inputs.userId
          - name: factorId
            in: path
            value: $steps.enrollFactor.outputs.factorId
        requestBody:
          contentType: application/json
          payload:
            passCode: $inputs.passCode
        successCriteria:
          - condition: $statusCode == 200
        outputs:
          activatedStatus: $response.body#/status
    outputs:
      factorId: $steps.enrollFactor.outputs.factorId
      activatedStatus: $steps.activateFactor.outputs.activatedStatus