Okta Verify - Bypass MFA using Session Token

Hi there,

Our company will be enforcing Okta Verify for all users, and that includes bots. While we can modify the existing login using UI activities and verification using Okta Verify, I am trying to obtain a session token from Okta using auth HTTP requests and set cookies for the browser session to bypass the Okta authentication UI flow and navigate directly to third-party websites that are configured for Okta’s SSO.

Has anyone tried to do this before and, if so, could you share some pros and cons of using API auth rather than the regular auth flow?

Is the plan to use https://developer.okta.com/docs/reference/api/authn/? You would still need to provide the Okta Verify token as part of the HTTP request, correct?

This activity pack on the Marketplace might help you with this:
https://marketplace.uipath.com/listings/two-steps-authentication-component

But also please note as a disclaimer that it would be best practice to use service accounts without MFA for robots.

Hi Chris, thanks for your response.

Yes, we would still require OTP. I’ve seen the activity you shared, and there’s also the pyotp module that does the same. Ideally, we are trying to come up with a solution that wouldn’t use the UI to log in to Okta.

We understand that service accounts are the way to go, but it would take us a while to get all the approvals and convert all our bot accounts.