<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
User is Asked to Enroll Factor When Signing Into Application that Requires Password Only and the Enrollment Policy has this Factor Disabled
Feb 10, 2026
Administration
Okta Identity Engine
Overview

After the Okta Identity Engine (OIE) migration, the user is prompted to set (enroll) a Factor such as Duo or Okta Verify after attempting to Sign in to a SAML application even when the enrollment policy has all the Factors but Password disabled. This worked fine on the previous Classic version.

Applies To
  • After Okta Identity Engine (OIE) migration
  • Okta Identity Engine (OIE)
  • Having an application policy rule configured just to have the password
Cause

There is a difference in how this is configured between Classic and OIE, and this needs to be set on the Enrollment Policy rule.

Solution
  1. Go to the Admin Dashboard.
  2. Click on Security > Authenticators. 
  3. Select the Enrollment tab > select the enrollment policy applicable to this user group.
  4. In the Rule section, click on the Edit rule applicable to this user.
  5. Ensure Okta and Applications settings are enabled in the User is accessing section.

  Edit rule 

  1. Save changes and test.

 

Related Reference

Recommended content

Still looking for help?
Loading
User is Asked to Enroll Factor When Signing Into Application that Requires Password Only and the Enrollment Policy has this Factor Disabled