This article aims to explain why an application would not prompt for Multi-factor Authentication (MFA) when MFA was satisfied at sign-in less than 10 seconds before launching the application.
- Multi-factor Authentication (MFA)
- Authentication Policy
MFA is enabled at both the Org level and App level.
This is expected behavior. When MFA is enabled and enforced in both an Org-level sign-on policy and an Application-level sign-on policy, there is a short window after a user signs in to Okta during which the user can launch an application whose sign-on policy enforces MFA at every sign-on without being prompted for a factor, even though the authentication policy calls for a prompt at every sign-in.

Specifically, if MFA is enabled at both the Org level and the App level, the user is not prompted for MFA a second time when the time between signing in to Okta (and completing MFA) and then immediately launching the application (which also requires MFA) is less than 10 seconds.
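As an added example (not part of this article or of Okta's own tooling), the following script correlates a user's MFA success with a later application single sign-on and reports whether the launch fell inside the 10-second window described above, so an admin reviewing "why was no factor prompted?" can separate expected behavior from a policy misconfiguration. The sample events are constructed; the event type names `user.authentication.auth_via_mfa` and `user.authentication.sso` are assumed to match the Okta System Log, and the flat `actor` field is a simplification of the real record.

```python
from datetime import datetime

# Window during which a second MFA prompt is skipped, as stated in the article.
GRACE_SECONDS = 10

def parse_ts(value):
    """Parse an ISO 8601 timestamp such as '2024-01-01T12:00:00.000Z'."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def classify_app_launches(events):
    """For each app SSO event, find the same user's most recent MFA success.

    Returns one dict per SSO event:
      within_grace=True  -> no app-level MFA prompt is expected (per the article)
      within_grace=False -> a prompt was expected; check the app sign-on policy
      seconds_since_mfa=None -> no prior MFA success seen for that user
    """
    last_mfa = {}   # user -> time of most recent MFA success
    results = []
    for ev in sorted(events, key=lambda e: parse_ts(e["published"])):
        user, when = ev["actor"], parse_ts(ev["published"])
        if ev["eventType"] == "user.authentication.auth_via_mfa":
            last_mfa[user] = when
        elif ev["eventType"] == "user.authentication.sso":
            mfa_at = last_mfa.get(user)
            delta = (when - mfa_at).total_seconds() if mfa_at else None
            results.append({
                "user": user,
                "app": ev.get("target", "unknown-app"),
                "seconds_since_mfa": delta,
                "within_grace": delta is not None and delta < GRACE_SECONDS,
            })
    return results

# Constructed sample events (not real log data).
SAMPLE_EVENTS = [
    {"eventType": "user.authentication.auth_via_mfa", "actor": "alice@example.com",
     "published": "2024-01-01T12:00:00.000Z"},
    {"eventType": "user.authentication.sso", "actor": "alice@example.com",
     "target": "Example App", "published": "2024-01-01T12:00:07.000Z"},
    {"eventType": "user.authentication.auth_via_mfa", "actor": "bob@example.com",
     "published": "2024-01-01T12:00:00.000Z"},
    {"eventType": "user.authentication.sso", "actor": "bob@example.com",
     "target": "Example App", "published": "2024-01-01T12:00:45.000Z"},
    {"eventType": "user.authentication.sso", "actor": "carol@example.com",
     "target": "Example App", "published": "2024-01-01T12:01:00.000Z"},
]

if __name__ == "__main__":
    for row in classify_app_launches(SAMPLE_EVENTS):
        print(row)
```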
