Why sometimes when an end-user sets MFA, the user tries to log in and is not able to test it immediately?
https://support.okta.com/help/answers?id=9062a000000dfkuqag&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
Rolando Alvarez


I'm enrolling users into MFA, mainly Okta Verify and SMS notifications. For some of the users, we log out from Okta and when they try to log back in, they are asked for the secondary factor, but it doesn't work for all of them. For some of the users, the MFA doesn't seem to work. They are able to log in with just a username and password.

I have asked some of them whether they activated the option to trust that computer for seven days, and they say no.
Best Answer chosen by Rolando Alvarez
Bogdan Bangu (Okta, Inc.)
There are a few places where you need to configure multifactor authentication (MFA) in Okta. In the Classic UI, go to Security->Authentication->SignOn. You need to create a new Okta Sign-On Policy, add a rule and make sure "Prompt for Factor" is checked. You then have the choice of Per Device, Every Time, or Per Session. You select one of these depending on your security requirements.

All Answers

Wils Dawson (Okta, Inc.)
Hi Rolando,

It would help if you could share what your Okta Sign On Policy is for those users. You may have the policy configured to prompt them only once per hour, for example.
Dylann Fezeu (Customer First Programs)
Hello,

Thanks for posting your inquiry in Okta Community Portal.

If you receive a great answer to your question(s), please help readers find it by marking it the best answer. Hover over the answer and click "Best Answer."

Thank you,

Dylann Fezeu
OHC Team
Rolando Alvarez
@Bogdan Bangu, Thanks a lot for your comment about the Sign-On Policy. Those users were automatically classified by a rule in a group where the MFA was not being enforced.
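
The cause found in this thread (users placed by a group rule into a group whose sign-on policy does not prompt for a factor) can be checked offline with a small audit. The following is an added example, not part of the original thread and not Okta's code; the policies, groups and users are constructed, the field names are assumptions modeled on Okta's Policy API, and evaluation is simplified to "first active policy by priority whose group matches, then its first active rule".

```python
# Constructed sample data. Field names (priority, status, requireFactor,
# factorPromptMode) are assumptions modeled on Okta's Policy API.
POLICIES = [
    {"name": "Contractors", "priority": 1, "status": "ACTIVE",
     "groups": ["contractors"],
     "rules": [{"name": "Password only", "priority": 1, "status": "ACTIVE",
                "requireFactor": False}]},
    {"name": "Staff MFA", "priority": 2, "status": "ACTIVE",
     "groups": ["staff"],
     "rules": [{"name": "Prompt per session", "priority": 1,
                "status": "ACTIVE", "requireFactor": True,
                "factorPromptMode": "SESSION"}]},
    {"name": "Default Policy", "priority": 3, "status": "ACTIVE",
     "groups": ["Everyone"],
     "rules": [{"name": "Default Rule", "priority": 1, "status": "ACTIVE",
                "requireFactor": False}]},
]
# Constructed users: login -> group memberships (e.g. assigned by group rules).
USERS = {
    "alice": ["Everyone", "staff"],
    "bob": ["Everyone", "contractors"],
    "carol": ["Everyone"],
    "dave": ["Everyone", "staff", "contractors"],
}


def _active(items):
    """Active items, lowest priority number first (evaluated first)."""
    return sorted((i for i in items if i["status"] == "ACTIVE"),
                  key=lambda i: i["priority"])


def effective_rule(groups, policies):
    """Return (policy name, rule) that decides sign-on for these groups."""
    for policy in _active(policies):
        if set(policy["groups"]) & set(groups):
            for rule in _active(policy["rules"]):
                return policy["name"], rule  # first match wins
    return None, None


def audit(users, policies):
    """Map each user to (policy name, prompt mode); mode None = no MFA prompt."""
    report = {}
    for login, groups in users.items():
        policy, rule = effective_rule(groups, policies)
        required = bool(rule and rule.get("requireFactor"))
        report[login] = (policy, rule.get("factorPromptMode") if required else None)
    return report


if __name__ == "__main__":
    for login, (policy, mode) in audit(USERS, POLICIES).items():
        print(f"{login:6} {str(policy):15} {mode or 'NO MFA PROMPT'}")
```

In this sample, dave belongs to the staff group but is still not prompted, because the higher-priority Contractors policy matches him first.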