<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D50Z00008G7UjISAVOkta Classic EngineMulti-Factor AuthenticationAnswered2024-04-30T09:18:25.000Z2018-03-28T09:34:50.000Z2018-03-28T09:34:50.000Z

j5v7c (j5v7c) asked a question.

Edited by varun.kavoori1.5210444522562532E12 September 5, 2018 at 1:19 AM
Which MFA Factor is used for a user if multiple are configured?
If a user has multiple MFA factors set up, how does Okta decide?

 

I recently did some testing, and it seemed that the most recently set up factor was used - e.g. if I reset my security question, then I am prompted to provide a security answer each time I login rather than Okta Verify which I set up first.

 

However, when I look at the MFA Usage report, I see that for some users the most recently used MFA Factor is not necessarily the most recently enrolled.
  • 5 answers
  • 970 views

  • AjayS.78656 (Customer)

    I understand that if multiple factors are enabled and enrolled for, user will get option to choose.

    In my configuration, Okta verify was enabled as 'Required' while one another factor was 'Optional'.

    The users got the verify option by default but could chose the another factor through a small drop down arrow on the MFA page.

  • j5v7c (j5v7c)

    Yes - users can choose, but I don't expect them to select the most secure and the majority are just going to use the first one presented unless for some reason they cannot. I only want users using Security Question when they aren't able to use a more secure option - this is defeated when they are presented with the Security Question every time they login.

     

    My question is about which MFA factor is presented to a user - how is this determined? Is there any way that an admin can set a preference?
    Expand Post

  • j5v7c (j5v7c)

    Hi,

     

    Thanks for posting your inquiry in Okta Community Portal.

     

    If you receive a great answer to your question(s), please help readers find it by marking it the best answer. Hover over the answer and click "Best Answer." 

     

    Thank you,

     

    Dylann Fezeu

    Okta Help Center Team
    Expand Post

  • AjayS.78656 (Customer)

    If you consider one factor weaker than the other, you should not allow that option at all.

    If security is the concern, attackers will always know how to pick up the weaker option.

    If a weaker option is used as a fall-back to a stronger option, attacker would still be able to fall-back.

    I believe if multiple options are to be provided, we should be sure that they are of same strength for our security requirements.
    Expand Post
This question is closed.
Loading
Which MFA Factor is used for a user if multiple are configured?