
h7yzu (h7yzu) asked a question.
I have an email ID, abc@test.com, attached to Okta login.
I have the MFA factor set up on it too.
Later I decide to update the email ID to def@test.com. I understand that I will receive an email on my new email ID to confirm my email ID.
1) What if I do not confirm my new email ID with a code? Will the old email ID be active?
2) Is it a good idea to let the user confirm from the new email ID? What if it is an attempt at fraud?
Is there some way to make sure that this is a valid new email ID before the user is given rights to change?

Hi, Smitha!
I'm George from Okta Support.
Yes, indeed, you will receive an email on the new one that has been set to confirm that.
If you confirmed the email by following the flow from the email, the email will be changed regardless of the MFA being inputted or not afterwards. As long as you do not confirm it, you will still log in with the old email as before.
The email can be changed either by the admin directly or by users if they get this permission. Either way, it's being done from inside Okta (admin dashboard or end-user settings after he's logged in), so we are not really in danger of fraud.
As you said, just make sure to check the email twice, as an end user or as an admin, before changing it to avoid selecting the wrong email.
But either way, the new email won't be getting the password for the account (the old password remains the same) so we're safe here.
If you need any further assistance, please open a ticket with us and I'll be here to help you.
Have a blessed week.