Skip to main content
Validate a user’s risk and send an MFA token via Email or SMS when the risk is above an acceptable threshold. This action takes care of registering new users as well as validating returning users. Required Scope: Manage All.
External DocumentationTo learn more, visit the OneLogin documentation.

Basic Parameters

ParameterDescription
Context Device FingerprintThe unique device fingerprint for the user web browser.
Context Device IDThe mobile device ID or other type of unique identifier for a device.
Context IPThe IP address of the user.

Example:"120.118.218.227"
Context Session IDThe persistent session ID for the for the user.
Context User AgentThe user agent of the browser.

Example:
"user_agent": "Mozilla/5.0 (Windows; U; Windows NT 6.0)"
EmailThe email for sending the MFA token. Required for email-based MFA.
PhoneThe phone number for sending the MFA token via SMS. Required for SMS-based MFA.

Must be in E.164 format (e.g., +15555555555).
User IdentifierA unique identifier for the user (unique ID, email address, or username).

Advanced Parameters

ParameterDescription
Expires InThe window of time in seconds that the token must be verified within.

Defaults to 480 seconds (8 minutes). Maximum is 900 seconds (15 minutes).
First NameThe first name of the user.
Last NameThe last name of the user.
Risk ThresholdThe risk score level that will trigger an MFA token to be sent.

Note: If risk is greater than or equal to this value, an MFA token will be sent. Defaults to 50.

Example Output

{
	"user_id": 60254824,
	"risk": {
		"score": 93,
		"reasons": [
			"Chrome on Windows is used infrequently",
			"New location detected",
			"Accessed from a new IP address"
		]
	},
	"mfa": {
		"otp_sent": true,
		"state_token": "67ff7e91-ec38-467d-b7df-c0f4f61efd73"
	}
}

Workflow Library Example

Validate User with Onelogin and Send Results Via Email
Workflow LibraryPreview this Workflow on desktop