Can users opt-in for MFA if the tenant Multifactor Policy has "Optional" factors? Skip to main content
https://support.okta.com/help/answers?id=9062a000000que1qac&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Jessica WooleyJessica Wooley 

Can users opt-in for MFA if the tenant Multifactor Policy has "Optional" factors?

We have both of the Eligible Factors in our tenant's MFA policy set to "Optional" - I was able to complete factor setup with a test user, but am unable to find anywhere that the user can enable the factor.  Is this "Optional" parameter just to allow users to set up the factor? Or is there some way for them to opt-in to have multifactor required if they want to secure their account and/or application access?
Josh SkeenJosh Skeen (Okta)
Hi Jessica,

If you complete factor setup for a user, then that factor is enabled for that user from then on. To use the factor, however, a Sign-On Policy that requires an MFA challenge must be applied to the user. You can create one of these policies from Okta Admin -> Security -> Authentication -> Sign On tab.

Once a valid sign-on policy is in place, your user will be able to use whichever MFA factor they have set up to satisfy the challenge. If they set up multiple optional factors, then they will get to choose which factor they would like to use for the challenge. A user can see what factors they have enabled by going to their Okta Homepage and then clicking on their name, and then Settings.

I hope this helps!

Thank you,

Josh Skeen
Okta Global Customer Support
Jessica WooleyJessica Wooley
Hi Josh,

Thank you for the answer - it is very much appreciated.  We're actually looking for a way that users could voluntarily "self-enroll" for MFA, as a precursor to us enforcing it via the Sign On policies.  Is that currently possible?

Thanks,

Jessica Wooley
Andrew CollinsAndrew Collins
I would like to know this too, an opt in feature for MFA.