This article discusses the duplicated user.mfa.factor.activate events in the System Logs for SMS and Voice Enrollment in Okta Identity Engine (OIE), that can be noticed even if the user only explicitly chose to enroll in one method (SMS or Voice).

• Okta Identity Engine (OIE)

This is an expected behavior. 

The design in OIE treats the Phone authenticator as a unified factor, a single "Phone" authenticator type. When an end-user enrolls their phone, they are essentially enabling their registered phone number for both SMS and Voice verification methods. The choice made during enrollment (for example, "send me a code" vs. "call") determines the initial verification method used for completion, but the underlying system activates both SMS and Voice capabilities for that enrolled phone number.

Because of this, when enrolling in a Phone authenticator (SMS or Voice), two user.mfa.factor.activate events are recorded in the system logs (even if the user only explicitly chose to enroll in only one method). 

While an end-user might select either SMS or Voice during the enrollment process, both underlying factors (SMS and Voice) are activated simultaneously. Therefore, when a user successfully enrolls the Phone authenticator, the system generates two distinct user.mfa.factor.activate events:

• One event for the SMS factor activation.
• One event for the Voice factor activation.

These events typically appear with the exact same timestamp in the system logs, indicating their simultaneous activation. This can be confirmed by expanding the log entries and checking the reason field, which will distinguish between the SMS and Voice activations.