Prompt For Factor on okta sign in vs application based MF policies
I'm fairly new to Okta, so please pardon my ignorance. I've a question surrounding MFA and I'm a bit confused.
When configuring an Okta Sign-on policy I see a check box labeled 'Prompt For Factor'.
When configuring an application I see that I can set up an MFA policy for that particular app.
Here is my background info: we have some apps on network and some apps on cloud. I want any access to cloud based apps to have MFA as long as the user is not on my network. Meaning, if I'm at my desk on the lan...I'll never get MFA prompt. When working remote, I will get it for cloud apps. Remote access to lan based apps is only available through VPN, so no need for MFA.
Question....why would I ever check the box labeled 'Prompt For Factor' when configuring an Okta Sign-on policy?