<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
Factor Sequencing Rules Detected in Classic Engine Prior to Okta Identity Engine Upgrade
Oct 30, 2025
Administration
Okta Classic Engine
Okta Identity Engine
Overview

The following reconfiguration has been identified as part of the preparation needed to perform the upgrade to Okta Identity Engine (OIE). Note that additional Okta features may require reconfiguration or be disabled in order to complete the upgrade.  The upgrade to OIE can be blocked if a factor sequencing chain contains two methods of the same authenticator type. 

Applies To
  • Okta Classic Engine
  • Okta Identity Engine Upgrades
  • Factor Sequencing
Cause

The presence of specific method combinations within the same chain causes the incompatibility.

Solution

Factor Sequencing can remain enabled during OIE upgrades. No changes are required if the existing Classic Engine configuration is compatible.


A tenant must satisfy the following requirements to be considered for migration of factor sequencing to Identity Engine:

  • The factor sequencing feature flag is enabled in Classic Engine.

  • An active factor sequence chain is present in the Classic Engine organization.

  • The chain does not contain two methods of the same authenticator.

Factor Sequencing in Identity Engine will not be available to the following customers:

  • The tenant was created directly on Identity Engine and never used Classic Engine.

  • The Classic Engine tenant never enabled the factor sequencing feature flag and never configured an active factor sequencing chain.

  • The Classic Engine tenant enabled the factor sequencing feature flag but never configured an active factor sequencing chain.

To ensure the Factor Sequencing configuration does not block the migration, perform the following steps:

  1. Review all factor sequencing chains.

  2. Verify that no single chain contains two methods of the same authenticator type. The migration to Identity Engine cannot proceed if any of the following combinations are present in the same chain:

    • Okta Verify and Okta Verify Push
    • Phone-Voice and Phone-SMS

  1. If an incompatible combination exists, modify the chain by changing one of the methods to an authenticator of a different type.

WARNING: If a custom sign-in flow that uses the Authentication API leverages Factor Sequencing capabilities, it will likely continue to work in a classic integration method. However, the custom sign-in application will require rework post-upgrade to use new sign-in capabilities introduced with Okta Identity Engine, such as the FastPass sign-in experience.

NOTE: Factor Sequencing is only available to ease the complexity associated with the upgrade. Existing global policies will not support new OIE sign-in flows, such as the FastPass sign-in experience.

Related References

Recommended content

Still looking for help?
Loading
Factor Sequencing Rules Detected in Classic Engine Prior to Okta Identity Engine Upgrade