<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content

Okta Configurable Lockout Settings for Multi-Factor Authentication Failure Attempts

Multi-Factor Authentication
Okta Identity Engine

Overview

Okta does not provide a configurable setting in the Admin Console to define the number of allowed Multi-Factor Authentication (MFA) failure attempts before a lockout occurs. Okta automatically locks an authenticator for five minutes after five consecutive incorrect MFA codes. This action results in a temporary lockout and generates the following error:

 

429 Too Many Requests

 

Applies To

  • Okta Identity Engine (OIE)
  • Multi-Factor Authentication (MFA)

Solution

How does Okta handle lockout settings for MFA failure attempts?

 

Okta does not provide a configurable setting in the Admin Console to define the number of allowed MFA failure attempts before a lockout occurs.

 

In Okta Classic Engine, Okta automatically locks an authenticator for five minutes after five consecutive incorrect MFA codes. This action results in a temporary lockout and generates the following error:

 

429 Too Many Requests

 

Related References

Loading
Okta Support - Okta Configurable Lockout Settings for Multi-Factor Authentication Failure Attempts