<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
How to Exclude a Specific User from Okta Authentication Policy Rule in Okta Identity Engine
Jan 26, 2026
Multi-Factor Authentication
Okta Identity Engine
Overview

One of the essential features of Okta Identity Engine (OIE) is the Authentication Policy that allows the creation of rules to control users' access to resources based on various criteria, such as device type, location, and network. However, sometimes one may want to exclude a specific user from a particular Authentication Policy Rule, and this article provides a step-by-step guide.

Applies To
  • Okta Identity Engine (OIE)
  • Authentication Policies
  • Multi-Factor Authentication
Solution

To exclude a specific user from an Authentication Policy Rule in Okta OIE, follow these steps:

  1. Sign in to the Okta Admin Console.

  2. Go to Security, then Authentication Policies.

  3. Click on the Authentication Policy that needs to be edited.

  4. Scroll down to the Policy Rules section and click on the desired rule to edit.

  5. Look for the AND User is section and select At least one of the following users from the drop-down menu.

  6. Enter the username to exclude in the And none of the following users box.

  7. Click on the Save button at the bottom of the page to save the changes to the Authentication Policy Rule.
    Edit rule 

Related References

Recommended content

Still looking for help?
Loading
How to Exclude a Specific User from Okta Authentication Policy Rule in Okta Identity Engine