Resolving Okta Secondary Email Prompt: Disabling Mandatory Prompt for Account Recovery
Administration
Okta Classic Engine
Okta Identity Engine
Overview

When users are added to a new security policy, they may be prompted to provide and verify a secondary email address during the sign-in flow. This guide explains how Okta uses secondary emails to enhance account recovery resilience and outlines configuration options to tailor this experience to the organization’s needs.

Applies To
  • Account recovery in Okta
Cause

The prompt for a secondary email address is a built-in security safeguard that ensures users maintain access to their accounts even if their primary corporate email becomes unavailable. By default, when a user falls under a new policy scope, Okta’s identity assurance framework triggers this collection to ensure the user’s recovery profile is complete and secure.

Solution

To align with Okta’s commitment to a seamless user experience, administrators can configure the secondary email field as optional rather than mandatory. While the prompt serves as a security best practice, its visibility and requirement status can be managed through the following steps:

  1. Log in to the Okta Admin Console.
  2. Navigate to the Customizations menu.
  3. Select Other from the dropdown list.
  4. Locate Optional User Account fields.
  5. Check the box next to Secondary Email to disable it.
  6. Save the changes.
