Support for 3-number challenge when Okta Verify mobile app forces extra verification

[SmithTM90]

Is your feature request related to a problem? Please describe. When attempting to use aws_okta_keyman, Okta Verify for Android determines that it is an "unusual" login attempt, and forces an additional layer of verification with the 3-number challenge. Unfortunately, this prevents further use of aws_okta_keyman

Describe the solution you'd like The CLI tool should be able to integrate with this 3-number challenge verification step, and report back the correct number to select in the Okta Verify mobile app so that users can get past this stage and be able to use aws_okta_keyman successfully when additional verification is required.

[nathan-v]

Hi @SmithTM90 I've never seen that issue or case. Do you have an Okta setting that causes this?

[jasonmfehr]

Hi @nathan-v we have this issue too. If Okta detects something amiss with the login attempt, it does an additional challenge. It could be a setting that our org uses, I am not sure though. The way we can cause the three number challenge to happen is by connecting to a VPN that routes outbound internet through a distant city.

[nathan-v]

If someone knows the setting required to cause this I can set it up in a test Okta to try and replicate. I'd love to be able to support this.

[krichter]

@nathan-v - I believe it's this setting: https://help.okta.com/oie/en-us/Content/Topics/identity-engine/authenticators/configure-okta-verify-options.htm