In Okta Identity Engine (OIE), enabling Security Question as a second authenticator requires specific configuration settings. If the Global Session Policy is set to Establish the user session with: Any factor used to meet the Authentication Policy requirements, the Security Question option will not be available to the end-user when prompted to authenticate in the Verify it's you with a security method window. This article explores best practices for enabling Security Question as a secondary authenticator in OIE and outlines implementation steps to ensure a smooth process.

   

• Okta Identity Engine (OIE)
• Global Session Policy
• Authentication Policies
• Multi-Factor Authentication (MFA)
• Security Question

Check out this video for more information.

To enable Security Question as a second authenticator in OIE, the Global Session Policy must be set to Establish the user session with: A password. Additionally, ensure that the Security Question is set for both Authentication and Recovery purposes. Subsequently, verify that the Authentication Policy is configured to enable the use of Security Question in the authentication process.

To enable Security Question as a second authenticator in OIE, follow these steps:

1. Log in to the Okta Admin Console.
2. Go to Security and select Global Session Policy.
3. Click Add Policy. 

4. Provide a title and description for the policy, and include a rule.
5. Under Establish the user session with, select A password.
     

6. Click Create rule to apply the policy.
    

Related References

• Security questions in an authentication policy