Enabling MFA policy: get browser sameorigin error Skip to main content
https://support.okta.com/help/answers?id=9062a000000bmz4qai&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Peter LyonsPeter Lyons 

Enabling MFA policy: get browser sameorigin error

I have a dev app that is working correctly for email/password login. I'm attempting to enable MFA. I added a rule to the app requiring MFA but now after I enter email/password I see this error in the browser console:

Refused to display 'https://dev-REDACTED.oktapreview.com/login/login.htm?fromURI=%2Foauth2%2Fv1%2…horize%2Fredirect%3Fokta_key%3DREDACTED' in a frame because it set 'X-Frame-Options' to 'sameorigin'.

FYI my app is on the okta preview system, configured for OpenID Connect, and set as a SPA type web app.
BehrouzBehrouz (Okta, Inc.) 
Hi Peter,
In order to have Okta pages show in iFrames like different apps and pages, you need to have "IFrame Embedding" enabled for your Okta Org. You can enable it by going to the Admin Panel > Settings > Customization and under IFrame Embedding section click on Edit and enable the checkbox there.
Let us know if you have any questions.

Behrouz Ghorchi
Customer Support Engineer | Okta