Schlarb, John (CCI-Atlanta)S.22046 (Customer) asked a question.
"Trust This Device" behavior when Application Rule is set for MFA
My tenant-level Sign-On policy (Security>Authentication>Sign On) has a rule that requires MFA, with "Per Device" checked. However, my application has a policy which requires MFA for every sign-on (Prompt for Factor, Every sign on). The behavior of the Okta widget seems to prioritize the Application Rule, as I would expect. But it also shows the "Remember This Device" checkbox, which seems wrong.
Is this a bug, and if so how would I go about searching the known issues to make sure I'm not creating a duplicate case?
I just wanted to add that if I delete the Application's sign-on rule, my device is remembered (i.e. the org-level policy is honored).
I opened case 00938175 for this, thanks.