<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base

Microsoft Office 365 Application Sign-On Policy Not Showing MFA Options

Last Updated:

Single Sign-On
Okta Identity Engine

Overview

This article explains why Okta admins who are configuring Microsoft O365 Application Sign-On Policy/Rules are not able to see Multi-Factor Authentication (MFA) options; only the password is enabled for authentication, and grayed out without being able to select other authenticator options.

When access is allowed

Applies To

  • Microsoft Office 365
  • Application Sign-On Policy
  • Application Sign-On Rule
  • Okta Identity Engine (OIE)

Cause

This is caused by the Any client selection in the "AND Client is" portion of the Microsoft Office 365 rule.

 

Solution

To enable MFA options in Microsoft Office 365:

  1. Navigate to AND Client is.
  2. Select Any client and change to One of the following clients:.
  3. Add Modern Authentication and Web browser.

Once this is done, interact with the password selection box located in the AND User must authenticate with section.

The dropdown will now allow admins to select 2 Factor types (MFA), which will then allow admins to configure AND Possession factor constraints are as well as AND Authentication methods for users.

Recommended content

Still looking for help?
Loading
Okta Support - Microsoft Office 365 Application Sign-On Policy Not Showing MFA Options