<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
Bring Your Own Telephony Required for Okta SMS and Voice
Mar 24, 2026
Okta Classic Engine
Multi-Factor Authentication
Okta Identity Engine
Overview

Starting September 15, 2024, Okta requires a custom telephony provider at the time of renewal to send SMS and voice messages for Multi-Factor Authentication (MFA) and non-MFA scenarios. Users must transition to higher assurance authenticators or configure a custom telephony provider using the Telephony Inline Hook to prevent service disruption. SMS and voice authentication offer limited assurance, prompting the shift toward phishing-resistant authenticators like Okta Verify, FastPass, and FIDO2 WebAuthn.

Applies To

  • Okta Identity Engine (OIE)

  • Okta Classic Engine

  • Short Message Service (SMS)

  • Voice Authentication

  • Telephony Inline Hook

Cause

Okta stopped offering out-of-the-box telephony services for net new accounts in August 2023 to encourage the adoption of higher assurance authenticators. Starting September 15, 2024, Okta extends this policy to all existing accounts upon renewal.

Solution

How is the telephony provider requirement resolved?

Users must complete one of the following methods before the first renewal after September 15, 2024, to avoid impact to their service.

 

Option 1: Replace SMS and voice with higher assurance authenticators 

Follow these guidelines to transition to higher assurance authenticators:

  • Transition from SMS to phishing-resistant authenticators like Okta FastPass and FIDO2 Webauthn.

  • Update existing policies that use the phone authenticator before deleting the authenticator. Environments utilizing Okta Classic Engine or Factor Sequencing require policy updates to remove the phone authenticator.

Option 2: Configure a custom telephony provider via the Telephony Inline Hook 

Follow these steps to configure a custom telephony provider:

  1. Select a telephony provider. Any telephony provider is compatible with the Telephony Inline Hook.

  2. Review the current SMS and voice volume via the Telephony Usage Report.

  3. Configure and test the Telephony Inline Hook by following the product documentation steps.

NOTE: As of April 10, 2024, the Telephony Inline Hook is available on both Okta Identity Engine (OIE) and Okta Classic Engine.

What if I still have questions?

Please contact your Okta account team with any additional questions regarding this change.

Recommended content

Still looking for help?
Loading
Bring Your Own Telephony Required for Okta SMS and Voice