Does the OKTA SAML 2.0 implementation implement forceAuthn Skip to main content
https://support.okta.com/help/answers?id=906f0000000i0t0iak&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Richard DuffyRichard Duffy 

Does the OKTA SAML 2.0 implementation implement forceAuthn

We want to be able to request entering and validating of credentials at will as part of an electronic signature workflow in our application.

We want to pass ForceAuthn="true" as an attribute for the AuthnRequest. The goal is to notify the IdP to not use any previous security context when authenticating the user. 

With SAML 2.0 and orceAuthn="true" as an attribute for the AuthnRequest we can implement this.  We want to know if OKTA supports forceAuthn="true" as an attribute for the AuthnRequest.
Patrick WilcoxPatrick Wilcox (Okta, Inc.)
Hi Richard,

If you build a custom SAML app in Okta, one of the configuration options is "Honor Force Authentication".  You can enable/disable this setting.  If you are using a pre-built application in the Okta Application Network the setting is static, however it can be changed for your tenant at your request.

~ Patrick