<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D50Z00008G7VU3SANOkta Classic EngineMulti-Factor AuthenticationAnswered2018-09-05T01:28:41.000Z2015-12-16T21:40:25.000Z2017-05-09T20:08:02.000Z

PatrickC.59989 (Customer) asked a question.

Edited by varun.kavoori1.5210444522562532E12 September 5, 2018 at 1:20 AM
Multifactor policy
Hello.

I set up my default MFA policy to have 2 factors as REQUIRED for users when signing into Okta. For example, require Okta Verify and SMS. However when the user logs, he is only prompted for one factor. I thought he'd be prompted for both factors required in the policy?

 

Also if I add another MF policy, it does not seem to take precedence over the default one (which cannot be deleted). Has anybody else experienced some weirdness with this?
  • 3 answers
  • 1.11K views

  • eric.karlinsky1.4147731941881877E12 (Okta, Inc.)

    Hey Patrick,

     

    A few things to check: 

     

    First, make sure the end user is in the group to which the policy is scoped. This may be obvious, but it's often overlooked as a reason that policies fail to take effect. 

     

    Second, the MFA Enrollment policy applies to enrollment, not enforcement. So the end user will be required to enroll per the policy, but that doesn't mean they're required to provide a second factor to authenticate.

     

    If you provide a screenshot of your policy configuration, I can help you troubleshoot.

     

    Thanks,

    Eric

    Eric Karlinsky, Sr. Technical Marketing Mgr., Okta
    Expand Post

  • PatrickC.59989 (Customer)

    Hi Karl. My user is in the group. Also sounds like one cannot setup more than one factor at enforcement, so max. is 2 factor at enforcement (password + one factor like Okta Verify), is that right?

  • eric.karlinsky1.4147731941881877E12 (Okta, Inc.)

    Hey Isaac - Sorry for the delayed response. I misunderstood your original post. You're correct, right now Okta only supports a single prompt for MFA, so you can enable multiple sequential factors into an authentication chain. The MFA Enrollment Policy only forces end uses to enroll for the authentication methods you want them to use.
This question is closed.
Loading
Multifactor policy