<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
Okta Identity Engine - Last Used Factor
Oct 13, 2025
Multi-Factor Authentication
Okta Identity Engine
Overview

The functionality of the "Remember Last Used Factor" feature relies on a cookie known as the 'luf' (last used factor) cookie. This is how the sequence alters depending on whether the browser is in regular mode or incognito (private) mode.

Network Inspect 

 
Applies To
  • Okta Identity Engine (OIE)
  •  Multi-Factor Authentication (MFA)
Cause

Login flow changes when the browser is in regular mode versus incognito (private).

Solution
  1. Regular browser mode.
User logs in for the first time, sees the MFA prompt, and picks one option (for example, Okta Verify). The next time they log in, the only factor they get prompted with is Okta Verify, unless they hit the Verify with Something else option.
 Authenticator options  "Verify with Something else" button   
  1. Incognito browser mode or the luf cookie is not present.
All the available factors will be displayed every time the user creates a new Private (Incognito) session on the browser or if the luf cookie is missing.
Factors
NOTE: The "luf" cookie expiry is 30 days. This value cannot be changed.

Recommended content

Still looking for help?
Loading
Okta Identity Engine - Last Used Factor