Our team was reviewing push enrollment docs and noticed this
When users enroll with push, they also get enrolled in OTP, as Guardian supports challenging with OTP for scenarios where the user does not have connectivity.
Is it possible in the UL process exclude the addition of the OTP factor?
Hi @daenzer.gabriel,
Thank you for posting your question!
The Push-Notification is considered to be the OTP authenticator enrolled as a fallback, so unfortunately at the moment when using Universal Login, the OTP will be automatically added as an option to users. Because Push notifications rely on a data connection that can be spotty, the OTP serves as the mandatory “fail-safe” or offline backup.
If you wish to, you have the option of submitting a Feature Request since others might be interested in such an option as well and our Product Team is actively monitoring this thread for potential implementations.
Kind regards,
Remus
I think it is actually fine that we don’t request that, it looks like I can call for enrollments via the /api/v2/users/{id}/enrollments endpoint which includes push factor without the totp. This should be functional enough for what we need, thanks!