This article explains how to configure an authentication policy for the dashboard to bypass the email verification prompt for new users during their first login.

• Authentication Policies
• Okta Identity Engine (OIE)
• Multi-Factor Authentication (MFA)

When the Okta Dashboard authentication policy is configured as Allowed with password + another factor, and the Possession factor constraints are set to Hardware protected.
 

During login to the Okta Dashboard, the new user is prompted to verify their email even though their email is not configured as an authenticator for the Okta Dashboard. After email verification, the user is prompted to enroll in Okta Verify as the required factor.

 

For new users, after entering their password, the expected flow is to be prompted to enroll in Okta Verify or FIDO2 as a required authentication factor.

To resolve this issue, please configure the Authenticators Enrollment policy with Email set to disabled:

1. Go to Security > Authenticators > Enrollment.
2. Select the policy > click Edit > under Authenticators and set Email: Disabled.
   
   Example: 
    
3. Click Update Policy.