
OneLogin MFA Device vs Enrolled Factors


When querying to get a user's Enrolled Factors, we don't get all the devices for that user.

For example, we have a user with the following 2-factor authentications:

  1. OneLogin Security Question
  2. WebAuthn
  3. OneLogin Protect
  4. Google Authenticator

The response we get when querying the API for enrolled factors (via /otp_devices) is the following:

    "otp_devices":[
        {"type_display_name":"OneLogin Protect Test","user_display_name":"OneLogin Protect Test","active":true,"needs_trigger":true,"default":false,"id":3959374,"auth_factor_name":"OneLogin Protect"},
        {"type_display_name":"OneLogin Protect Test","user_display_name":"OneLogin Protect Test","active":true,"needs_trigger":false,"default":false,"id":3959374,"auth_factor_name":"OneLogin Protect"},
        {"type_display_name":"Google Authenticator","user_display_name":"Google Authenticator","active":true,"needs_trigger":false,"default":false,"id":3959388,"auth_factor_name":"Google Authenticator"}
        ]}

I understand that some types of devices may not be able to be verified through the API, but is there a place where we could find out precisely which devices?

Our users were supposed to be using WebAuthn with a fingerprint scanner, and we were assuming (probably falsely) that it would behave pretty similarly to OneLogin Protect (which we have implemented and are using fine on our end), but it seems like that's not the case, since it does not appear in the user's list of enrolled factors. Any help with that would be appreciated!


Solution

  • Currently, OneLogin only supports SMS and OneLogin Protect (and likewise devices) for MFA verification via the APIs. For all other options, you will have to verify from the OneLogin UI only.
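
The gap described in the question can be made explicit when auditing MFA coverage. The sketch below is an added example, not code from the original post or from OneLogin: it compares the factors the question lists against the `/otp_devices` response and collapses the repeated device id. The outer braces around the response and the function names are assumptions made for this example.

```python
import json

# Response from the question, wrapped in braces so it parses as one JSON object
# (the envelope is an assumption; the page shows only the "otp_devices" fragment).
SAMPLE_RESPONSE = """
{"otp_devices":[
 {"type_display_name":"OneLogin Protect Test","user_display_name":"OneLogin Protect Test","active":true,"needs_trigger":true,"default":false,"id":3959374,"auth_factor_name":"OneLogin Protect"},
 {"type_display_name":"OneLogin Protect Test","user_display_name":"OneLogin Protect Test","active":true,"needs_trigger":false,"default":false,"id":3959374,"auth_factor_name":"OneLogin Protect"},
 {"type_display_name":"Google Authenticator","user_display_name":"Google Authenticator","active":true,"needs_trigger":false,"default":false,"id":3959388,"auth_factor_name":"Google Authenticator"}
]}
"""

# Factors the question says this user has enrolled.
EXPECTED_FACTORS = ["OneLogin Security Question", "WebAuthn",
                    "OneLogin Protect", "Google Authenticator"]


def api_visible_devices(body):
    """Return {device_id: entry} for active devices, collapsing repeated ids."""
    devices = {}
    for entry in json.loads(body).get("otp_devices", []):
        if not entry.get("active"):
            continue
        merged = devices.setdefault(entry["id"], dict(entry))
        # The same id appears twice above with different needs_trigger values;
        # keep True if any copy reports that a trigger is required.
        merged["needs_trigger"] = merged["needs_trigger"] or entry["needs_trigger"]
    return devices


def coverage_report(body, expected):
    """Split the expected factors into API-visible and not listed by the API."""
    names = {d["auth_factor_name"] for d in api_visible_devices(body).values()}
    return {
        "api_visible": [f for f in expected if f in names],
        # Not listed is not the same as not enrolled: these need a UI check.
        "not_listed": [f for f in expected if f not in names],
        "unexpected": sorted(names - set(expected)),
    }


if __name__ == "__main__":
    print(json.dumps(coverage_report(SAMPLE_RESPONSE, EXPECTED_FACTORS), indent=2))
```

A factor in `not_listed` should be treated as "confirm in the OneLogin UI", not as evidence that the user lacks that factor.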