<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D50Z00008G7Ub1SAFOkta Classic EngineMulti-Factor AuthenticationAnswered2024-04-13T06:26:32.000Z2017-08-08T17:38:00.000Z2017-08-08T17:57:22.000Z

Chris2B.37901 (Customer) asked a question.

Edited by varun.kavoori1.5210444522562532E12 September 5, 2018 at 1:19 AM
Can you enable MFA for just teh web UI and not all apps?
I would like to roll out MFA to our different Applications, but I would like to require MFA on just the web login for now (organization.okta.com) and not the apps just yet.

 

Is this possible or is it an all or nothing style MFA when dealing with the web protal logon? I know i can enable MFA on individual apps and not the web portal login, but is there a way to exclude certain apps from MFA when its enabled via the sign on policy?

 

Thanks,

Chris
  • 2 answers
  • 910 views

  • Gunn (Customer)

    You can enable multifactor to prompt the user only upon logging into Okta. To do so, Go to admin/access/multifactor (Security - Multifactor), select the multifactor types, then define your policy. If you have Network Zones define, you can choose whether or not users will be prompted for Multifactor while "on-network" and a different rule for "off-network".

     

    With this enabled (and depending on how you define your "on-network" or "off-network" policies), when a user attempts to log in at orginzation.okta.com, the user will be prompted for their 2-factor authentication code. Once logged in, they won't be prompted again for it unless you have a rule defined for an app to do so.
    Expand Post

  • mg890 (mg890)

    Following on from Kevin's advice above to actually confiure MFA to the Web Portal as a whole, it is not possible to exclude certain applicatons. You have the ability to have MFA on the whole portal, specific applications or the ability to have MFA on both.
This question is closed.
Loading
Can you enable MFA for just teh web UI and not all apps?