When attempting to disable the Update protected actions settings option in the Okta Admin Console, the user is continuously prompted for Multi-Factor Authentication (MFA). This loop prevents the user from saving changes. This issue occurs in Okta Classic Engine environments when the administrator is signed in with a federated account.
- Okta Classic Engine
- Protected Actions
- Federated Administrators
In Okta Classic Engine, federated users cannot use the Protected Actions feature because they cannot perform the required step-up authentication. An Okta-sourced Super Administrator account is necessary to authenticate and authorize these changes.
-
Sign out of the federated administrator account.
-
Sign in to the Okta Admin Console using an Okta-sourced Super Administrator account.
-
Choose Applications > Applications.
-
Select the Protected Actions tab.
-
Clear the Update protected actions settings checkbox.
NOTE: If an Okta-sourced Super Administrator account does not exist and cannot be created due to these restrictions, contact Okta Support.
For more information, refer to Protected actions.
NOTE: Once the organization upgrades to Okta Identity Engine (OIE), these settings can be re-enabled if needed.
