JayH.63959 (Customer) asked a question.
Using factors for login (password-less login) spins
I have the authentication factors enabled on my sandbox. I created a sign-on policy that uses SMS as the only sign-on factor. I then assigned a test user to this policy. When I attempt to sign-in, the system spins and I see an error in the logs. I figured out, through trial and error, the issue was that I hadn't onboarded the user into the SMS authentication. I set my sign-on policy to password and then SMS and it asked me to enroll in SMS after entering my password. Once I did that I could revert back to sign-on using only SMS as a factor.
My question is, is there a way to force enrollment or show a message to the user that explains what's happening rather than spinning indefinitely?
Thank you for posting your question on the Okta Help Center.
In order to prompt users to enroll into an MFA factor, your Okta org requires the Enrollment Policy / Okta MFA Policy feature flag which is currently disabled for your prod / preview orgs and it requires the MFA or Adaptive MFA SKUs to be purchased.
Additional information regarding MFA deployment can be found in the below KB:
https://www.okta.com/resources/whitepaper/multi-factor-authentication-deployment-guide/
Without the Enrollment policies, users needs to be already enrolled into the MFA factor required by the Passwordless authn sign-on policy, otherwise, users will experience an authn loop since the factor is required but the user is not enrolled into the factor yet and there is no Enrollment Policy that can redirect the user to the enrollment process.
If you'll have any questions or require assistance , please open a case with Okta Support.
Kind regards,
Sergiu Costea,
Technical Support Engineer
Okta Global Customer Care