<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
Why Is a User Being Prompted for MFA
Nov 6, 2025
Multi-Factor Authentication
Overview

This article explains how to determine why a user is or is not prompted for Multi-Factor Authentication (MFA) during sign-in.

Applies To
  • Okta Identity Engine
  • Multi-Factor Authentication (MFA)
Cause
There are three separate policies to check when configuring or troubleshooting authentication. These policies configure password + MFA options for Groups. Note the priority and group assigned when reviewing these policies. All three of these policies are evaluated together.
Solution

Please follow these steps:

  1. Log in to the Okta Admin Console and navigate to Security > Authenticators > Enrollment.

    • Required authenticators will prompt the user to enroll either during sign-in to the Okta Dashboard or when accessing an application that requires the authenticator.

  2. Then, go to Security > Global Session Policy.

    • This is the org-wide requirement to log in.

  3. Lastly, go to Security > Authentication Policies.

    • These are the requirements per application.


Related References

Recommended content

Still looking for help?
Loading
Why Is a User Being Prompted for MFA