It only returns the global sign-on policies configured under Security / Authenticaiton. What about application-specific sign-on policies, such as MFA policies configured at the application level? Is there any way to retrieve those polices and rules using the API?
Okta sign on policy controls the manner in which a user is allowed to sign on to Okta, including whether they are challenged for multifactor authentication (MFA) and how long they are allowed to remain signed in before re-authenticating.
Note: Okta Sign On Policy is different from application sign-on policy, which determines the extra levels of authentication (if any) which must be performed before a specific Okta application can be invoked. Application sign-on policy can’t be configured via the API.
Please read the following documentation if you have any additional concerns or you can open a Support case.