This article aims to explain how to verify Authentication Policies after the Okta Identity Engine (OIE) upgrade.
- If any applications are added to the authentication policy named "Any Two Factors", verify that the actual rules in the policy meet the security assurance level that the policy name implies for those applications.
- Okta Identity Engine (OIE)
- After OIE Migration
- Authentication Policy
- Log in to the Okta Admin Console.
- Go to Security > Authentication Policies and look for the policy named Any two factors.
- Once the Any Two Factors policy opens, the requirements to gain access will be displayed.

How to rename a policy to a Password Only policy:
- Log in to the Okta Admin Console.
- Go to Security > Authentication Policies and look for the policy named Any two factors.
- On the Any Two Factors policy settings page, open the Actions dropdown list and select Edit name and description.
- A pop-up window will appear, allowing the policy to be renamed and the description to be changed. Once done, click Save.

How to modify the Any two factors rule to ask for any two factors:
- Log in to the Okta Admin Console.
- Navigate to Security > Authentication Policies and look for the policy named Any two factors.
- On the Any two factors policy settings page, a Catch-all Rule is added by default. To the right of the rule, there is an Actions button with a drop-down.
- Click Edit.
- In the new pop-up window, scroll down to the heading THEN and look for the statement AND user must authenticate with. The drop-down list will currently be set to Password or Password/IDP.
- Click on the drop-down and select the option Any 2 factor types.
- Once Any 2 factor types is selected, additional choices will be visible. Set up the policy based on the application/company security policies.
- Once the policy rule matches the needed criteria, click on Save.
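
The same verification can be run across many policies at once. The script below is an added example, not Okta's code: it assumes the policies and their rules were exported as JSON from the Okta Policy API, where each rule records its requirement in `actions.appSignOn.verificationMethod.factorMode` (`1FA` or `2FA`). The sample data, the IDs and the name-matching convention are constructed for illustration.

```python
import json

# Constructed sample export: each entry pairs a policy with its rules, using the
# field layout of the Okta Policy API (assumed source of the export).
SAMPLE_EXPORT = json.loads("""[
 {"policy": {"id": "rstEXAMPLE01", "name": "Any two factors"},
  "rules": [{"name": "Catch-all Rule", "status": "ACTIVE", "actions": {"appSignOn":
    {"access": "ALLOW", "verificationMethod": {"factorMode": "1FA"}}}}]},
 {"policy": {"id": "rstEXAMPLE02", "name": "Finance - any two factors"},
  "rules": [{"name": "Legacy bypass", "status": "INACTIVE", "actions": {"appSignOn":
    {"access": "ALLOW", "verificationMethod": {"factorMode": "1FA"}}}},
   {"name": "Catch-all Rule", "status": "ACTIVE", "actions": {"appSignOn":
    {"access": "ALLOW", "verificationMethod": {"factorMode": "2FA"}}}}]},
 {"policy": {"id": "rstEXAMPLE03", "name": "Password only"},
  "rules": [{"name": "Catch-all Rule", "status": "ACTIVE", "actions": {"appSignOn":
    {"access": "ALLOW", "verificationMethod": {"factorMode": "1FA"}}}}]}
]""")

# Hypothetical naming convention: these substrings mark a policy whose name
# promises two-factor assurance.
TWO_FACTOR_HINTS = ("two factor", "2 factor", "2fa", "mfa")


def name_implies_two_factor(policy_name):
    lowered = policy_name.lower()
    return any(hint in lowered for hint in TWO_FACTOR_HINTS)


def audit(export):
    """Return (policy, rule, factorMode) for rules weaker than the policy name implies."""
    findings = []
    for entry in export:
        name = entry["policy"]["name"]
        if not name_implies_two_factor(name):
            continue
        for rule in entry["rules"]:
            sign_on = rule.get("actions", {}).get("appSignOn", {})
            # Inactive rules never match; DENY rules grant no access to weaken.
            if rule.get("status") != "ACTIVE" or sign_on.get("access") != "ALLOW":
                continue
            mode = sign_on.get("verificationMethod", {}).get("factorMode")
            if mode != "2FA":  # a missing mode is reported too, as None
                findings.append((name, rule["name"], mode))
    return findings


if __name__ == "__main__":
    for policy, rule, mode in audit(SAMPLE_EXPORT):
        print(f"{policy!r}: rule {rule!r} allows access with factorMode={mode}")
```

Each finding is a policy to either rename to match its real requirement or edit so that its rule requires Any 2 factor types, as described in the steps above.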
