Okta Classic Engine | Multi-Factor Authentication | Answered | 2025-06-14T12:59:30.000Z | 2019-08-29T17:26:10.000Z | 2019-09-23T22:27:05.000Z

n11my (n11my) asked a question.

Force Users to Enroll MFA Factor:

We have deployed MFA (not adaptive) and are struggling with getting the remainder of users enrolled/registered, as we are not aware of a solid solution to force a user to register and enroll a device. It's been a slow roll; we have already sent out a second email to all users who have not registered. Is there a technical solution within Okta or anything that has worked for you?

 

Background: Only enforcing it on O365 resources while user is off the network


  • Hi Obai,

    In order to force users to enroll, you must set at least one factor as required, and in the rule you must select when the user first signs in. This will force users to enroll in the designated factor on the next login.

    Also, there is an option in the MFA enrollment policy to choose a specific application when MFA should be enforced. This is an EA feature which you will have to request from Okta Support by submitting a support case. You can set the IP zone too in a policy. More details are available here under the section "Multifactor Policies": https://help.okta.com/en/prod/Content/Topics/Security/MFA.htm

    Selected as Best
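The two settings named in the answer above (a required factor plus a rule that enrolls at first sign-in), as an added example that is not part of the original thread: it builds the request bodies for an MFA enrollment policy and rule and audits them for the gaps that leave enrollment optional. The field names and values follow the Okta Policy API as understood here and should be checked against your org's API reference; the group ID, policy names and the `okta_otp` factor choice are constructed placeholders.

```python
import json

# Constructed placeholder (assumption): replace with your org's Everyone group ID.
EVERYONE_GROUP_ID = "00g_EVERYONE_PLACEHOLDER"

def enrollment_policy(factor="okta_otp", enroll="REQUIRED"):
    """Body for POST /api/v1/policies: marks one factor as required."""
    return {
        "type": "MFA_ENROLL",
        "name": "Require MFA enrollment",   # hypothetical name
        "status": "ACTIVE",
        "conditions": {"people": {"groups": {"include": [EVERYONE_GROUP_ID]}}},
        "settings": {"factors": {factor: {"enroll": {"self": enroll},
                                          "consent": {"type": "NONE"}}}},
    }

def enrollment_rule(enroll_when="LOGIN"):
    """Body for POST /api/v1/policies/{policyId}/rules.
    LOGIN = enroll the first time the user signs in;
    CHALLENGE = enroll only when the user is challenged for MFA."""
    return {
        "type": "MFA_ENROLL",
        "name": "Enroll at first sign-in",  # hypothetical name
        "conditions": {"network": {"connection": "ANYWHERE"}},
        "actions": {"enroll": {"self": enroll_when}},
    }

def audit(policy, rules):
    """Return the reasons this policy would not force enrollment at next login."""
    findings = []
    factors = policy.get("settings", {}).get("factors", {})
    if policy.get("status") != "ACTIVE":
        findings.append("policy is not ACTIVE")
    if not any(f.get("enroll", {}).get("self") == "REQUIRED" for f in factors.values()):
        findings.append("no factor is set to REQUIRED")
    if not any(r.get("actions", {}).get("enroll", {}).get("self") == "LOGIN" for r in rules):
        findings.append("no rule enrolls at first sign-in (enroll.self is not LOGIN)")
    return findings

if __name__ == "__main__":
    good = (enrollment_policy(), [enrollment_rule()])
    weak = (enrollment_policy(enroll="OPTIONAL"), [enrollment_rule("CHALLENGE")])
    print(json.dumps(good[0], indent=2))
    for label, (policy, rules) in (("good", good), ("weak", weak)):
        print(label, audit(policy, rules) or "forces enrollment at next login")
```

The same `audit` function can be run over the JSON returned when listing existing `MFA_ENROLL` policies and their rules, which shows why users in a given group are still able to skip enrollment.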
  • Thanks for your question! I've escalated this to Support to see if they can help you find a solution - in the meantime, is there anyone on the Community who might be able to help Obai out with this?

  • BhaskarM.18336 (Customer)

    You can create an MFA enrollment policy that applies to the Everyone group or so, and apply a rule accordingly.

  • n11my (n11my)

    Bhaskar - thank you. What is the best way to go about that specifically or do you have an article or document for reference?

This question is closed.