<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
How to Force Security Question Enrollment the First Time a User Signs In
Aug 26, 2025
Multi-Factor Authentication
Okta Identity Engine
Overview

This article outlines the procedure for implementing a mandatory Security Question enrollment process for new users upon initial authentication. The procedure can be executed even if the Security Question enrollment is set to Disabled in the Factor Enrollment Policy by utilizing the Password Policy.

Applies To
  • Okta Identity Engine (OIE)
  • Password Policy
  • Self-service account recovery
  • Multi-factor Authentication (MFA)
Solution
  1. Log in to the Okta Admin Console.
  2. Go to the Security tab, and then click on the Authenticators tab.
  3. Click Actions and then Edit on the Password authenticator.

Authenticators

  1. Add New Password Policy or edit an existing policy that should apply the security question.
  2. Add a Rule to the policy.
  3. In the Additional Verification is section, select the Only Security Question option.

Add rule


Related References

Recommended content

Still looking for help?
Loading
How to Force Security Question Enrollment the First Time a User Signs In