Most clients using Centrify tool find it challenging to get API permission authenticated for MFA. However, after much support from the Centrify teams, Sennovate started to follow the authentication process.
The screen shot displayed below will help in starting the authentication process in postman which is the most popular tool used in API testing.
1. First /Start Authentication is called for.
2. Post this authentication process, a response is received with SessionID and MechanismID, from Centrify. Since we are using MFA, we will have two or more mechanismID that will be made available in the response.
3. As an example, assume I have a single login verification using password and email verification, wherein an OTP is sent to my email, which must be entered using my Login for it to be a success. So, when /Start Authentication is called, two MechanismID will be generated as a response.
4. Next, Advance Authentication is hit, in which session ID and both Mechanism ID are included using Multiple Operations, along with the password of the user.
5. Once /AdvanceAuthentication is called in the postman, “StartOOB” sends an email with an OTP.
6. Next, /AdvanceAuthentication is called AGAIN. In which MechanismID of the email verification is included along with OTP.
7. Authentication is complete, “Login Success” will be shown in the Response.
That’s how you get authenticated for Centrify’s MFA when using API. These above steps using postman will give you a clear idea on the workings of MFA’s API to get started in your in-house development.