<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
How Does the Factor Enrollment Policy Impact the Sign-On Policy
Nov 10, 2025
Okta Classic Engine
Multi-Factor Authentication
Overview
The article explores the effect of factors from the Factor Enrollment Policy on the Sign-On Policy when set to "Required". If a user has enrolled in an optional factor, they are not obligated to use the required factor for authentication.
Applies To
  • Okta Classic Engine
  • Multi-Factor Authentication (MFA)
Solution

The term "Required" in a Factor Enrollment Policy does not directly affect the Sign-On Policy. It signifies that the user must enroll in the specified factor and have it included in their MFA profile. If a user lacks a required factor from their enrollment policy, they are unable to log in to an application requiring MFA until they enroll in the factor. The factor can then be used to fulfill MFA requirements. Users are not required to use the Required factor from the Factor Enrollment Policy, as they can authenticate with any Optional factor in which they are enrolled.

Recommended content

Still looking for help?
Loading
How Does the Factor Enrollment Policy Impact the Sign-On Policy