The Factor Enrollment Policy is a crucial component of an organization's identity and access management strategy. It determines the factors that users must enroll in to access resources and the factors that can be used to satisfy the Authentication Policies.
To create a Factor Enrollment Policy, from the Okta Admin Console, go to Security > Authenticators > Enrollment > Add Policy.
In Okta Identity Engine (OIE), users will not be able to use an enrolled factor if that factor was Disabled from the Factor Enrollment Policy.
- Okta Identity Engine (OIE)
- Factor Enrollment Policy
- Authentication Policies
- Multi-Factor Authentication (MFA)
In such cases, users would need to enroll in whatever is required if the policy is set to prompt them to do so. For instance, if an organization disables the use of Security Question as a factor, users who have previously enrolled with Security Question will not be able to use it for authentication until the policy is updated and the eligible authenticator, in this case, Security Question, is set to Optional or Required.
