- Multi-Factor Authentication (MFA)
- Factor Enrollment
- Okta Classic Engine
-
Navigate to Admin Console > Security > Multifactor > Factor Enrollment (Tab).
-
Go to Default Policy and click on Edit. If the user is in a group with a specific policy assigned, please check that policy and click on Edit.
-
Set each factor that should be removed from the Extra Verification page to Disabled.
-
Click Update Policy.
Users will no longer see the factors that were disabled under the Extra Verification step on their settings page.
In the example provided, SMS Authenticator was set as Disabled and the rest as Optional. Below, SMS is not an option for the user, but all the other factors that were set as Optional are available. However, if the user did not enroll in a factor, they will see it as Disabled in the User Dashboard. If they enrolled in that factor, they will see it as Enabled.
NOTE:
- Prior to performing the actions above, please ensure that there are no Okta or app sign-on policies prompting for MFA, as the above steps will break the login flow for users who are prompted for MFA.
- After the option is disabled from the Factor Enrollment Policy, users can no longer use the disabled factor for authentication.
