MFA Setup - setting up the factor before requiring MFA
Hi All, I'd like to have users setup a second factor (in this case a security question) before requiring they use MFA to authenticate to Okta. Right now without MFA enabled they cannot setup a security question (doesn't show in their profile). If I turn on MFA all at once everyone would be required to setup a question immediately and I like to give people more runway than that. Is there a way to get this to work?
Our MFA Enrollment policy type is currently in EA, which means Support can turn it on for you. This policy give you much more granuarity around when users are asked to enroll a second factor and which methods the end user is permitted to set up. I think this could address this issue.