<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
Prompting for Factor Enrollment Despite the Enrollment Rule Having the Factor Disabled
Nov 20, 2025
Okta Classic Engine
Multi-Factor Authentication
Okta Identity Engine
Overview

This article addresses a scenario where a user is prompted to enroll a factor, even when that factor is not included in any active Enrollment Policy.

Applies To
  • Factor Enrollment
  • Multi-Factor Authentication (MFA)
  • MFA Policies
Cause

A user is prompted to enroll a factor that is not in an Enrollment Policy because the factor is configured for account recovery within a Password Policy Rule. This enrollment is required to allow the user to perform account recovery actions.

Solution
  • Removing the factor's recovery function resolves the prompt. However, this is not an ideal solution, as it can reduce the security posture for account recovery.
  • Instead, review the organization's Okta Account Management (OAM) policy configuration to determine if the factor is intended for account recovery.
  • If the factor is intended for recovery, it may be preferable to manage this behavior through OAM settings rather than disabling the recovery function.

Related References

 

Recommended content

Still looking for help?
Loading
Prompting for Factor Enrollment Despite the Enrollment Rule Having the Factor Disabled