This article explains why the sign-in widget displays a two-page login process instead of a single-page one. In this scenario, the first page requests only the username, while the second page requests the password.
| One-page Login | Two-page Login |
- Okta Identity Engine (OIE)
- Global Session Policy (GSP)
- Okta Sign-In Widget
If a Global Session Policy (GSP) is configured to Any factor used to meet the Authentication Policy requirements, the sign-in widget changes to accommodate passwordless authentication. This change applies to all end users in the tenant. The widget must evaluate passwordless users before password-enabled users, which triggers the two-page login flow.
To display the username and password fields on a single page within the sign-in widget, ensure all rules in the GSP are configured to establish the user session with a password.
- Navigate to the Global Session Policy.
- Set Establish the user session with to A password.
If the two-page login persists, verify the Multi-Factor Authentication (MFA) settings:
- Go to Security > General.
- Locate the Protect against password-based attacks section.
- Ensure the Require possession factor before password during MFA option is not enabled.
NOTE: If this setting is enabled, the sign-in widget defaults to multiple pages because the user must be verified with a possession factor before the system prompts for a password.
