This article addresses why the Authenticator Sequencing option may be visible in some Okta Identity Engine (OIE) tenants (such as a Production environment) but missing or unavailable in others (such as a Preview environment). It clarifies the availability of this feature and provides the recommended configuration for OIE-native organizations.
- Okta Identity Engine (OIE)
- Global Session Policy
- Authenticator Sequencing (Legacy)
- Authentication Method Chain
The Authenticator Sequencing option in the Global Session Policy is a legacy feature.
- Migrated Orgs: It remains available only for organizations that were migrated from Okta Classic Engine to Okta Identity Engine (OIE) and had the feature enabled before the upgrade.
- New Orgs: It cannot be enabled for organizations created directly in OIE (OIE-native).
Because the Production tenant was upgraded from Okta Classic Engine with the feature active, it retains the setting. The Preview tenant, created directly on OIE, does not support this legacy functionality.
OIE-native environments (such as the Preview tenant) and modernized authentication flows require the Authentication Method Chain feature. This is the supported replacement for defining specific authentication sequences (for example, forcing a password prompt before a possession factor).
Unlike the legacy Global Session Policy, this configuration is applied at the Application Policy level.
Configuration Steps
To configure an authentication sequence using Authentication Method Chains:
- Navigate to the Okta Admin Console.
- Go to Security > Authentication Policies.
- Select the specific application policy requiring modification.
- Locate the desired rule and click the pencil icon to edit it, or create a new entry.
- Under the THEN Access is section, select Authentication method chain.
- Define the required sequence of authenticators (for example, Step 1: Password, Step 2: Okta Verify or FIDO2).
- Click Save.
NOTE: There is no global setting to apply a single chain across all applications; the chain must be defined within the policy rules for each app that requires a unique sequence.
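Because the chain is set rule by rule, it is worth checking which application policy rules actually carry the intended sequence. The following is an added example, not Okta's code: it audits a constructed export of application policy rules, and the JSON field names (`verificationMethod`, `AUTH_METHOD_CHAIN`, `chains`, `next`) and authenticator keys are assumptions about the export shape that should be checked against your own tenant.

```python
import json

# Constructed sample: rules per application policy, shaped like a policy-rule
# export. Field names and authenticator keys are assumptions, not tenant data.
SAMPLE = json.loads("""
{
  "HR Portal": [{"name": "Staff", "actions": {"appSignOn": {"verificationMethod": {
    "type": "AUTH_METHOD_CHAIN", "chains": [{
      "authenticationMethods": [{"key": "okta_password"}],
      "next": [{"authenticationMethods": [{"key": "okta_verify"}, {"key": "webauthn"}]}]}]}}}}],
  "Wiki": [{"name": "Catch-all", "actions": {"appSignOn": {"verificationMethod": {
    "type": "ASSURANCE", "factorMode": "2FA"}}}}],
  "Payroll": [{"name": "Finance", "actions": {"appSignOn": {"verificationMethod": {
    "type": "AUTH_METHOD_CHAIN", "chains": [{
      "authenticationMethods": [{"key": "okta_verify"}],
      "next": [{"authenticationMethods": [{"key": "okta_password"}]}]}]}}}}]
}
""")


def chain_paths(node):
    """Expand one chain into every ordered path of steps (a step = allowed keys)."""
    step = sorted(m["key"] for m in node.get("authenticationMethods", []))
    tails = [t for nxt in node.get("next") or [] for t in chain_paths(nxt)]
    return [[step] + t for t in tails] or [[step]]


def audit(policies, first="okta_password"):
    """Return sorted (app, rule, problem) tuples for rules missing the sequence."""
    findings = set()
    for app, rules in policies.items():
        for rule in rules:
            vm = rule["actions"]["appSignOn"]["verificationMethod"]
            if vm.get("type") != "AUTH_METHOD_CHAIN":
                findings.add((app, rule["name"], "no authentication method chain"))
                continue
            for chain in vm.get("chains", []):
                for path in chain_paths(chain):
                    if path[0] != [first]:
                        findings.add((app, rule["name"],
                                      f"first step is {path[0]}, not {first}"))
                    if len(path) < 2:
                        findings.add((app, rule["name"], "chain has a single step"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=" | ")
```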
