This article describes how to create a Factor Enrollment Policy for a Specific Group of users and have them enroll the first time they are prompted for MFA.

• Multi-Factor Authentication (MFA)
• Okta Classic Engine
• Multifactor Enrollment Policy

1. Start by going to the Okta Admin Console.
2. Go to Security > Multifactor.
3. Select the Factor Enrollment tab.
4. Click Add Multifactor Policy.

5. Name the policy, and in the Assign to groups field, search and add the groups to which this policy applies.
6. Set which factors to be Required, Optional, or Disabled for the users in the group assigned.
7. Click Create Policy.

8. Once the policy is created, a prompt to add a rule will be received.
9. Name the rule, and if needed to exclude any users from this rule, add them in the Exclude Users field.
10. Set Enroll in multi-factor to the first time a user is challenged for MFA. This way, the users from the specified group will have to enroll in the set factors once they access an application that has a Sign On Policy that requires MFA.
11. Click Create Rule.

Related References

• Configure an MFA enrollment policy