How to Set a Default Authentication Policy for an Application in OIE
Apr 28, 2025
Administration
Overview
When adding a new application in Okta, a default user authentication policy is automatically assigned.
This article explains how to set a different policy to be automatically assigned as the default one for new applications.
Applies To
- Authentication Policy
- Okta Identity Engine (OIE)
- Access Testing Tool
Solution
Okta automatically assigns the Any two factors authentication policy as the default one for new applications. It is not possible to set a different policy from the default one, but the default one can be modified.
Admins change the policy that applies to an application by following the steps below:
- Select the application by navigating to the Applications tab.
- Click on Applications, select an application, and navigate to the Sign On tab.
- In the User Authentication section, click Edit to select a new authentication policy to be applied from the dropdown.
The Any two factors authentication policy (marked as Default) can be edited by following the next steps:
- Start by navigating to the Admin Dashboard.
- Click on Security and select Authentication Policies.
- Open the Any two factors policy.
NOTE:
- It is possible to update the name and description of the Any two factors policy (Actions > Edit name and description), and a new rule can be added (Add rule) on top of the Catch-all Rule to match the new expected user authentication behavior. This way, the modified default policy will be assigned automatically to all the new applications in Okta.
- The Access Testing Tool can be used to verify whether the policy is working as expected on the Okta Identity Engine. For more information about this feature, please refer to the link in the related references below.
