Authenticates the user with Okta using a TOTP code
This step authenticates the user by validating a TOTP code, generated in the user's TOTP authenticator app, against Okta, an external identity provider. It is used for Just-In-Time (JIT) migration scenarios where users are gradually migrated from Okta to Mosaic as they log in.
Before using this step, configure an Okta connection in Integration Hub.
The user identifier and TOTP code must be obtained before initiating this step, for example, using a Collect information form. If the authentication succeeds, the journey continues to the next step. The authentication result is stored in the output variable and can be used in subsequent steps (e.g., to create a user in Mosaic).
If the authentication fails (e.g., incorrect or expired TOTP code), the journey proceeds to the failure branch (if specified); otherwise, the journey is aborted and an error is sent to the client.
| Field | Description |
|---|---|
| Okta integration | The Okta connector to use for authentication, as configured in Integration Hub. |
| User identifier | Expression that yields the user's identifier in Okta. |
| TOTP code | Expression that yields the TOTP code entered by the user. |
| Authenticator ID | The ID of the TOTP authenticator registered in Okta. |
| Scope | OAuth scopes to request from Okta. Default: openid profile email. |
| Output variable | Name of the variable that stores the authentication result returned by Okta. |
| Error output variable | Name of the variable that stores any errors returned by the step. |
| Failure behavior | Determines what happens if the step fails: either abort the journey or proceed to a failure branch of the control flow (default). |
This step can be configured to record step input and output data, or a custom payload, which is then surfaced in journey events in Journey Analytics for diagnostic purposes. For details, see Additional data reporting.
Consider a migration journey that collects a user identifier and TOTP code using a Collect information step. The Okta TOTP Authentication step validates the code against Okta. If successful, the output variable (okta_tokens) contains user information, including the ID token and user_info, that can be used to create or update a user in Mosaic using the Create user step.
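
The failure case described above (an incorrect or expired TOTP code) follows from how TOTP codes are derived from the current time step. The following is an added example, not Okta's or Mosaic's code, that goes beyond this page by implementing generic RFC 6238 validation to show when a code counts as valid, expired, or incorrect. Assumptions: a 30-second step, 6 digits, HMAC-SHA-1, a drift window of one step, and the hypothetical helper names `totp` and `classify`.

```python
import hashlib
import hmac
import struct

# Assumed RFC 6238 defaults; the real values come from the Okta authenticator.
STEP_SECONDS = 30
DIGITS = 6
# Constructed sample secret (the published RFC 4226/6238 test key), not a real one.
SECRET = b"12345678901234567890"


def totp(secret: bytes, unix_time: int) -> str:
    """RFC 6238 TOTP with HMAC-SHA-1 for the time step containing unix_time."""
    counter = unix_time // STEP_SECONDS
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226, section 5.3)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def _matches(secret: bytes, submitted: str, t: int) -> bool:
    # Constant-time comparison; times before the epoch are skipped.
    return t >= 0 and hmac.compare_digest(totp(secret, t), submitted)


def classify(secret: bytes, submitted: str, now: int, drift_steps: int = 1) -> str:
    """Return 'valid', 'expired' or 'incorrect' for a submitted code.

    valid:   matches a step within +/- drift_steps of now
    expired: matches one of the 9 steps before that window (diagnostic only)
    """
    if not (submitted.isascii() and submitted.isdigit() and len(submitted) == DIGITS):
        return "incorrect"
    for delta in range(-drift_steps, drift_steps + 1):
        if _matches(secret, submitted, now + delta * STEP_SECONDS):
            return "valid"
    for back in range(drift_steps + 1, drift_steps + 10):
        if _matches(secret, submitted, now - back * STEP_SECONDS):
            return "expired"
    return "incorrect"


if __name__ == "__main__":
    print(classify(SECRET, "287082", 59))    # code for the current step
    print(classify(SECRET, "287082", 179))   # same code, four steps later
    print(classify(SECRET, "12345", 59))     # malformed input
```

In a journey, both the expired and incorrect outcomes correspond to the same failure path; the distinction here is only useful for diagnostics.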