Okta Classic Engine | Multi-Factor Authentication | Answered | 2024-04-30T09:18:25.000Z | 2017-08-09T00:19:37.000Z | 2017-08-09T02:42:50.000Z
How do I disable specific MFA for ONE user only?
I have a Global Policy set to only use MFA with Okta Verify or Google Authenticator - no SMS-based 2FA - for every user.

One particular user is having an issue with his phone and cannot download the Okta Verify or Google Authenticator app, effectively locking him out from Okta.

So I would like to temporarily set SMS-based 2FA just for this one user, while maintaining non-SMS-based 2FA for every other user. How can I do this?

Basically this is what I am trying to achieve:

1). Global Policy set NOT to use SMS-based 2FA for all users (this is done)

2). For one user (say Joe) only, I would like to set up SMS-based 2FA. Everyone else still has to use non-SMS-based 2FA

3). Once Joe's phone is fixed, I want to enforce no SMS-based 2FA for him.

  • j5v7c (j5v7c)

    As per your order, you would need to create a policy and rule, making sure they are the first policies/rules in the hierarchy (as they are triggered from the top down).

    So create a global registration policy that allows Joe to use and register for SMS as part of his login/registration policy.

    Then on the application SSO tab create a rule that allows (only Joe, or a group that Joe's a member of, say 'SMS'), again placing this first in the list.

    Once Joe has his new phone, remove Joe's name from both policies/rules or group membership.

    Thanks
This question is closed.
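
The top-down ordering the answer relies on, as an added example that is not part of the original thread and is not Okta's code: a simplified first-match model in Python that shows why the exception has to sit above the default policy and how removing the group membership reverts Joe. The group name 'SMS' comes from the answer; the policy names, factor labels and the catch-all 'Everyone' group are assumptions of the model.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    name: str
    groups: frozenset   # groups the policy is assigned to
    factors: frozenset  # factors the policy lets a user enroll and use


def effective_policy(policies, user_groups):
    """First-match evaluation: the first policy from the top of the list that
    is assigned to any of the user's groups wins; later ones are not consulted."""
    for policy in policies:
        if policy.groups & user_groups:
            return policy
    return None


def can_use(policies, user_groups, factor):
    policy = effective_policy(policies, user_groups)
    return policy is not None and factor in policy.factors


def shadowed(policies, catch_all="Everyone"):
    """Names of policies that can never fire because an earlier policy is
    assigned to the catch-all group and therefore matches every user first."""
    hidden, seen_catch_all = [], False
    for policy in policies:
        if seen_catch_all:
            hidden.append(policy.name)
        seen_catch_all = seen_catch_all or catch_all in policy.groups
    return hidden


# Constructed sample data (labels are illustrative, not Okta identifiers).
APP_FACTORS = frozenset({"okta_verify", "google_authenticator"})
DEFAULT = Policy("No-SMS default", frozenset({"Everyone"}), APP_FACTORS)
EXCEPTION = Policy("Temporary SMS exception", frozenset({"SMS"}),
                   APP_FACTORS | {"sms"})

CORRECT_ORDER = [EXCEPTION, DEFAULT]  # exception first, as the answer says
WRONG_ORDER = [DEFAULT, EXCEPTION]    # exception below the catch-all policy

JOE_WHILE_LOCKED_OUT = frozenset({"Everyone", "SMS"})
JOE_AFTER_CLEANUP = frozenset({"Everyone"})  # removed from the 'SMS' group
OTHER_USER = frozenset({"Everyone"})

if __name__ == "__main__":
    for label, order in (("correct", CORRECT_ORDER), ("wrong", WRONG_ORDER)):
        print(label, "Joe sms:", can_use(order, JOE_WHILE_LOCKED_OUT, "sms"),
              "| shadowed:", shadowed(order))
```

Running `shadowed()` over an exported policy list is a quick review check that a temporary exception has not been placed where it silently does nothing.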