To retrieve a report of users who have not enrolled in Multi-Factor Authentication (MFA), an administrator can generate and filter the MFA Enrollment by User report. This allows administrators to view users who are enrolled with no authenticator type, or only the password authenticator type.

• Okta Classic Engine
• Okta Identity Engine (OIE)
• Multi-Factor Authentication (MFA)
• System Log
• Monitoring and reports

How does an administrator retrieve a report of users who have not enrolled in MFA?

Perform the following steps to access and filter the MFA Enrollment by User report:

1. Sign in to the Okta Admin Console.
2. Navigate to Reports > Reports.
3. Select MFA Enrollment by User under Multifactor Authentication. 

4. Select Edit Filters under MFA Enrollment by User. 

5. Select Add Filter. 

6. Select Add Filter again. 

7. In the first AND dropdown menu, select Authenticator count.
8. In the first operator dropdown menu, select less than or equal to.
9. In the first Value field, enter 1.
10. In the second AND dropdown menu, select Authenticator type.
11. In the second operator dropdown menu, select does not include.
12. In the second Value field, select Security Question, Email, Symantec VIP, Google Authenticator, Okta Verify, WebAuthn, RSA / On-Prem MFA, YubiKey Token, Custom OTP, IDP Authenticator, Duo, Phone, and Smart Card Authenticator. 

 NOTE: To view only administrator users, select Add Filter and choose User is admin in the AND dropdown menu and true in the Value dropdown menu.

13. Select Apply.
14. Select CSV Export to download the results. The following image displays the CSV Export button:

NOTE: The report displays users who have no authenticator type enrolled or only the password authenticator type enrolled.

Related References

• MFA Enrollment by User report
• System Log
• Monitoring and reports