• Okta Identity Engine (OIE)
• Authenticator
• Multi-Factor Authentication (MFA)
• Global Session Policy
• Authentication Policy

Follow the steps or video below.

1. Create an Authenticator enrollment policy under Security > Authenticators > Enrollment and assign it to the group it will apply to.

2. Mark the Password authenticator as Required and mark all the other authenticators as Disabled or Optional, as shown in the following screenshot:
   
    

3. Next, navigate to Security > Global Session Policy, create a policy as a top priority, and assign it to the same group.

4. Create a rule within the Global Session Policy, set the Establish the user session with setting to A Password, and set Multifactor authentication (MFA) to Not Required, as shown in the following screenshot.
   
    

5. Set the User's IP is to In zone, choose the appropriate zone, and Save the changes. The other options are optional.

6. Drag the new Policy to the top of the priority list.

7. Go to Okta Admin Console > Security > Authentication Policies and make sure that the policy for the Okta Dashboard is set up to ask for only a Password. (Or in scenarios where there are IDP configured on the environment: Password/IDP)

Related References

• Global session policies

• Authentication policies