<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content

Understanding Okta Application-Specific Authentication Policies

Administration
Okta Identity Engine

Overview

Administrators configuring authentication policies in Okta often require clarification regarding application-specific policies. Okta assigns a dedicated, non-shareable authentication policy to special applications such as Office 365, the Okta Admin Console, or Desktop Multi-Factor Authentication (MFA) upon creation. Okta restricts adding other applications to these policies or reassigning the policy of an application associated with an application-specific policy.

Applies To

  • Okta Identity Engine (OIE)
  • Authentication Policy
  • Application-Specific Policy

Solution

What is an application-specific policy?

A standard authentication policy supports sharing across multiple applications. Application-specific policies do not support sharing. Okta assigns these policies to specific applications during creation, and administrators cannot change them.

 

 

Why are some authentication policies marked as application-specific?

Certain applications, such as Office 365, Okta Admin Console, or Desktop MFA, require dedicated policies to function correctly.

 

 

Is adding another application to an application-specific policy supported?

Okta does not provide an option to add another application to an application-specific policy.

 

 

How can an Okta Administrator change the policy of an application associated with an application-specific policy?

Okta prevents changing the policy of an application associated with an application-specific policy. Attempting this action generates the following error message:

 

Policy re-assignment for <app name> application is not allowed

 

Loading
Okta Support - Understanding Okta Application-Specific Authentication Policies