Generate an on-demand auth challenge during login

This topic describes the endpoint and parameters used to generate an on-demand authentication challenge for a given username.

You can use the {{baseUrl}}/login endpoint in combination with the following parameters to redirect a user to an MFA webview in order to complete additional authentication challenges.

Parameter

Data type

Description

username

string

Set the value to the username a user logs in with.

challengeView

boolean

Redirects the user to an MFA challenge webview when you set it to true.

This is helpful if the user has completed a primary authentication challenge through a third-party identity service and you want to use CyberArk Identity Adaptive MFA to enforce additional authentication mechanisms without asking end users to re-enter their username.

Refer to the product documentation for details about enforcing MFA for users.

Example usage

Go to the {{baseUrl}}/login endpoint and add values for the username and challengeView query parameters, as shown in the following example.

https://mytenant.my.idaptive.app/[email protected]&challengeView=true

The response is an MFA challenge webview.