Can you enable MFA for just teh web UI and not all apps? Skip to main content
https://support.okta.com/help/answers?id=9062a000000xaarqak&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Chris2 BowmanChris2 Bowman 

Can you enable MFA for just teh web UI and not all apps?

I would like to roll out MFA to our different Applications, but I would like to require MFA on just the web login for now (organization.okta.com) and not the apps just yet.

Is this possible or is it an all or nothing style MFA when dealing with the web protal logon? I know i can enable MFA on individual apps and not the web portal login, but is there a way to exclude certain apps from MFA when its enabled via the sign on policy?

Thanks,
Chris
Kevin GunnKevin Gunn
You can enable multifactor to prompt the user only upon logging into Okta. To do so, Go to admin/access/multifactor (Security - Multifactor), select the multifactor types, then define your policy. If you have Network Zones define, you can choose whether or not users will be prompted for Multifactor while "on-network" and a different rule for "off-network".

With this enabled (and depending on how you define your "on-network" or "off-network" policies), when a user attempts to log in at orginzation.okta.com, the user will be prompted for their 2-factor authentication code. Once logged in, they won't be prompted again for it unless you have a rule defined for an app to do so.
James ReederJames Reeder
Following on from Kevin's advice above to actually confiure MFA to the Web Portal as a whole, it is not possible to exclude certain applicatons. You have the ability to have MFA on the whole portal, specific applications or the ability to have MFA on both.