Anyway to list who has MFA actively setup and anyway to force MFA setup?
We currently have MFA setup with Okta/Radius for VPN access but we're looking to expand that to require MFA when using anything Okta externally.
There's a report to show when someone last used or enrolled but they couldn't have (in theory) deactivated it so I'm looking for a definitive list of who does and does not have MFA setup. Is anyone aware of a report or method to determine that? I'm guessing there's a way in postman but i'm not overly talented with it.
Is anyone aware of a way to force MFA setup? I see ways to encourage it but not require it.
Thanks in advance for any help or recommendations, David
To enforce users to use MFA you can add a policy rule for users accesing okta when their IP is not in zone, as for a list of users using MFA at the moment, will be through APIs, and other option for this is to create a feature request on https://support.okta.com/help/oktaideanew as for the moment only user authenticating with MFA can be shown in the reports. If you require further assistance please open a case with customer support.
Sorry, I didn't explain the issue with enforcement clearly enough. We've had some security issues with staff being stupid with their credentials. I'm sure everyone's shocked that happens ;). What we'd like to do is force MFA setup immediately just like the secret question/answer and make it mandatory.
Currently, ff staff don't setup MFA but we require MFA externally and that staff person never accesses Okta remotely, they may never configure it. So an unauthorized third party with their username and password could access Office 365 and that unauthorized party could in theory setup MFA to be able to access their account. There's nothing to prohibit an unauthorized third party from getting in unless MFA was already setup. Curious how or if others are addressing this.