Okta Configurable Lockout Settings for Multi-Factor Authentication Failure Attempts
Last Updated:
Overview
Okta does not provide a configurable setting in the Admin Console to define the number of allowed Multi-Factor Authentication (MFA) failure attempts before a lockout occurs. Okta automatically locks an authenticator for five minutes after five consecutive incorrect MFA codes. This action results in a temporary lockout and generates the following error:
429 Too Many Requests
Applies To
- Okta Identity Engine (OIE)
- Multi-Factor Authentication (MFA)
Solution
How does Okta handle lockout settings for MFA failure attempts?
Okta does not provide a configurable setting in the Admin Console to define the number of allowed MFA failure attempts before a lockout occurs.
In Okta Classic Engine, Okta automatically locks an authenticator for five minutes after five consecutive incorrect MFA codes. This action results in a temporary lockout and generates the following error:
429 Too Many Requests
