问题
I am attempting to generate a SAML assertion using the OneLogin API. For some assertions, multi-factor authentication is required. User accounts can have either or both of OneLogin security questions or the OneLogin Protect app as secondary factors.
My question is, what is the process to initiate either of those factors?
The SAML Assertion API call verify factor works when the OTP from OneLogin protect is provided, however we would like to initiate a push to the OneLogin Protect App. Additionally there does not seem to be any documentation for using the OneLogin security questions. How are the question(s) returned via the OneLogin API, and how are responses verified?
We have attempted the Activate Factor API call, however it returns an "Insufficient Permission" error, even though the API credential used has the Read Users scope, which the API documentation indicates is sufficient.
来源:https://stackoverflow.com/questions/47372362/onelogin-saml-assertion-with-mfa-security-questions-and-onelogin-protect