When a user enrolls a Multi-Factor Authentication (MFA) factor, an automated email can be sent to notify them that a new factor was enrolled with their account. When that email is sent, it is logged in the system logs as the following event type: 

system.email.mfa_enroll_notification.sent_message.

This knowledge article addresses the reason why that event type is missing from the system log and provides a solution to the issue.

• Multi-Factor Authentication (MFA)
• System Log
• Email Notification

The option to send notification emails is disabled. If the option to send the notification emails is not enabled, the email notifications will not be sent, and the event will not be logged.

Okta Identity Engine (OIE)

1. Access the Okta Admin Console.
2. Navigate to Security > General.
3. Under Security notification emails, click Edit.
4. Modify the value for the Authenticator enrolled notification email to be Enabled.
5. Click Save.

Okta Classic

1. Access the Okta Admin Console.
2. Navigate to Security > General.
3. Under Security notification emails, click Edit.
4. Modify the value for MFA enrolled notification email to Enabled.
5. Click Save.

Related References

• Authenticator enrolled notification email for end users
• Event Types