<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
Hide the "Back to sign in" Link on the Okta Hosted Sign-In Widget During MFA Challenge
Oct 10, 2025
Okta Classic Engine
Okta Identity Engine
SDKs & Libraries
Overview

When challenged for Multi-factor Authentication (MFA) verification using the Okta Sign-in Widget on a custom domain, users will normally see a Back to sign in link.

Sign in Widget

This article describes the steps an admin must take to hide the Back to sign in link on a brand with a custom domain.

Applies To
  • Okta Sign-In Widget 
  • Customization
  • Custom Code
Solution

The generation of the Okta Sign-in Widget (SIW) currently in use will determine which of the two main syntaxes to use in the custom code. The provided examples are for the Okta-Hosted Custom Sign-In Widget, but this option can also be used on a Self-Hosted/Embedded Widget following the steps provided for the Okta-Hosted widget, where Third-generation is not enabled.

 

View the SIW generation

  1. Navigate to Admin > Customizations > Brands.
  2. Click the appropriate Brand to customize.
  3. In the custom Brand, click Pages.
  4. Find the section for the Sign-in page and click Configure.
  5. On the Sign-in page configuration, click Settings.

 

If the Third-generation widget is enabled

Sign-in Widget version

  1. Click Page Design to see the Code Editor.
  2. Click Edit for the code editor.
  3. Add or replace the following code.

var config = OktaUtil.getSignInWidgetConfig(); 
// Render the Okta Sign-In Widget 
var oktaSignIn = new OktaSignIn(config); 

with

var config = OktaUtil.getSignInWidgetConfig();
// Render the Okta Sign-In Widget
config.features.hideSignOutLinkInMFA = true;
var oktaSignIn = new OktaSignIn(config);

 

Script

 

  1. Click Save to Draft.
  2. Click Publish.

 

 

If the Third-generation widget is not enabled

Sign-in Widget version

  1. Click Page Design to see the Code Editor.
  2. Click Edit for the code editor.
  3. Add or replace the following code.

var config = OktaUtil.getSignInWidgetConfig();
// Render the Okta Sign-In Widget
var oktaSignIn = new OktaSignIn(config);

with

var config = OktaUtil.getSignInWidgetConfig();
// Render the Okta Sign-In Widget
config[‘features.hideSignOutLinkInMFA’] = true;
var oktaSignIn = new OktaSignIn(config);

 

script

 

  1. Click Save to Draft.
  2. Click Publish.

 

After this change, users connecting to the brand's modified Sign-in page will no longer see the Back to sign in button when presented with an MFA challenge.

Missing "Back to Sign In" button

 

 

NOTE:

  • Both of the above scenarios were tested using the Sign-In Widget version ^7.
  • If Require possession factor before password during MFA is enabled, the MFA possession factor will be triggered first. Depending on what other factors are enrolled/allowed for the user, there may be no link for "verify with something else."
    • This setting can be found under Admin > Security > GeneralProtect against password-based attacks.
  • The previous scenarios remove the "Back to sign in" link from all applications. To remove it when users log into a specific application, use the code from the Per-application customization documentation instead.

 

Related References

Recommended content

Still looking for help?
Loading
Hide the "Back to sign in" Link on the Okta Hosted Sign-In Widget During MFA Challenge