Understanding Okta Application-Specific Authentication Policies
Last Updated:
Overview
Administrators configuring authentication policies in Okta often require clarification regarding application-specific policies. Okta assigns a dedicated, non-shareable authentication policy to special applications such as Office 365, the Okta Admin Console, or Desktop Multi-Factor Authentication (MFA) upon creation. Okta restricts adding other applications to these policies or reassigning the policy of an application associated with an application-specific policy.
Applies To
- Okta Identity Engine (OIE)
- Authentication Policy
- Application-Specific Policy
Solution
What is an application-specific policy?
A standard authentication policy supports sharing across multiple applications. Application-specific policies do not support sharing. Okta assigns these policies to specific applications during creation, and administrators cannot change them.
Why are some authentication policies marked as application-specific?
Certain applications, such as Office 365, Okta Admin Console, or Desktop MFA, require dedicated policies to function correctly.
Is adding another application to an application-specific policy supported?
Okta does not provide an option to add another application to an application-specific policy.
How can an Okta Administrator change the policy of an application associated with an application-specific policy?
Okta prevents changing the policy of an application associated with an application-specific policy. Attempting this action generates the following error message:
Policy re-assignment for <app name> application is not allowed
