This article outlines recovery steps for when an administrator’s account gets locked out of an Integrator Free Plan Org after Multi-factor Authentication (MFA) enforcement.

• Integrator Free Plan Organization
• Multi-factor Authentication (MFA)
• Lockout

If administrators are locked out of the Admin Console, follow these steps:

1. Enroll in an MFA factor.
   • If other authenticators are enabled in the org, go to My Settings on the Okta End User Dashboard and enroll in an MFA factor before accessing the Admin Console.
2. Sign up for a new Integrator Free Plan org.
   • Create a new account using plus addressing/subaddressing using the work email (provided that the corporate email provider, such as Google and Microsoft, supports it).
     • For example, username+admin1@example.org
   • After creating a new Developer org, follow best practice recommendations such as:
     • Create multiple (3-5) Super Admin users in the organization.
     • Ensure all admins are registered for MFA.
     • Use this Terraform guide to establish access to a Terraform configuration for the Okta org in the event of being locked out.
3. Migrate applications in the Okta Integration Network (OIN).
   • Independent Software Vendors (ISVs) who have published applications in the OIN should migrate their applications from the old developer org to a newly created Integrator org. To receive assistance with the migration, send an email to developers@okta.com with the subject: ISV - App Migration.

For any other issues, please reach out to the Okta Developer Forum.

Related References

• Frequently Asked Questions on MFA Enforcement for the Admin Console | Okta Support Center
• Okta will Require Multi-Factor Authentication (MFA) to Access the Okta Admin Console | Okta Support Center