<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
Why Are Users Not Prompted for App-Level MFA Immediately after Logging into Okta
Jul 17, 2025
Administration
Okta Classic Engine
Overview

This article discusses why users are not prompted for app-level MFA immediately after logging into Okta.

Applies To
  • Multi-Factor Authentication (MFA)
  • Org-level Authentication
  • App-level Authentication
  • Okta Classic Engine
Solution

When MFA is enabled and enforced at an Org-level sign-on policy and an Application-level sign-on policy, there is a small time window after logging into Okta. Users can launch an application with a sign-on policy (with MFA enforced at every sign-on), but is not prompted for a factor, even though the prompt is expected. If multi-factor authentication is enabled at both the Org level and App level, the user is not prompted for repeated multi-factor authentication. If the time between logging into Okta (and authenticating using multi-factor) and then immediately logging into the Application (that also requires multi-factor authentication) is less than 10 seconds.

Recommended content

Still looking for help?
Loading
Why Are Users Not Prompted for App-Level MFA Immediately after Logging into Okta