Okta Verify can satisfy multiple authentication rules factor requirements when authenticating with biometrics (TouchID / FaceID).

• Okta Identity Engine (OIE)
• Okta Verify FastPass
• Authentication rules

As stated in the rules disclaimer, not every form of Okta Verify can satisfy more than one authentication rule condition.

For Okta Verify to satisfy multiple factor requirements, it must satisfy the Additional factor types (Possession factor) and Biometric factor types =.

The form of Okta Verify that can satisfy multiple factor requirements is FastPass and push notification with Biometrics.

Below, see a comparison between when a user authenticates with Okta Verify FastPass, Okta Verify Push, and Okta Verify One-Time Passcode.

• For Okta Verify FastPass, the authentication has the USER_VERIFYING properties, which are considered biometric factor types.

• In the case of Okta Verify Push notification, the USER_VERIFYING properties are considered biometrics factor type only if the user has biometrics enabled on the Okta Verify application. 

• In the case of Okta Verify One Time Passcode, the factor properties do not include USER_VERIFYING, and it will not satisfy the multiple-factor requirement; the user will be prompted for a second factor.