This article outlines the steps to set up Two-Factor Authentication (2FA) for an Application in Okta Identity Engine (OIE).

• 2FA (Two-Factor Authentication)
• Multi-Factor Authentication (MFA)
• Okta Identity Engine (OIE)

Before starting

• Enable at least one authenticator for the organization. If the organization does not have any authenticators enabled, Okta Verify with a one-time passcode (OTP) is enabled as the default authenticator. If authenticators are configured, then no changes are made.

Enable MFA in the policy

1. In the Admin Console, go to Applications > Applications.
2. Open the [App Name] App where the 2MFA will be set up.
3. Go to Sign On > User authentication, and click View policy details. The Authentication policy for the [App Name] App opens.
4. In this policy, go to [App Name] app policy > Actions > Edit. The Edit rule window opens.
5. Edit the rule. (See Add an authentication policy rule.)
   1. Go to User must authenticate with, and then select a 2-factor type option from the dropdown menu.
      • Every Sign-in Attempt is recommended, especially for the Okta Admin Console app.
      • If multiple authenticators are set to be "optional" other than Okta Verify, then more than one factor will show under Additional factor types.

5. 2. Select options for Possession factor constraints are.
6. Click Save.

Watch the following Demo video:


NOTE: For enforcing MFA to access the Okta Admin Console, please review Enable MFA for the Admin Console for more information.

Related References

• Okta will require MFA to access the Admin Console
• Frequently Asked Questions on MFA Enforcement for the Admin Console
• Product Update - Available and Upcoming Okta Security Enhancements