
dse7i (dse7i) asked a question.
Hi,
We wanted to check that our sign-on policy will still enforce an MFA prompt if we set MFA enrollment to optional on all of the enabled factors.
For example, if we have our default MFA enrollment policy with WebAuthn and Okta push as optional factors, and then set the default sign-on policy, we expect that the user must use a factor for authentication to Okta if there's no other policy they'd fall under.

Hello @dse7i (dse7i)
I hope you are having a great day.
Thank you for posting. In this scenario you need to configure your App Sign-On Policies to prompt end users for MFA. Be aware that legacy protocols such as POP or IMAP do not support MFA even if MFA is configured for Okta sign-in.
You can learn more about this topic at the following links. This information will allow you to check the configuration and proper functionality of your MFA.
https://help.okta.com/en/prod/Content/Topics/Security/policies/about-app-signon-policies.htm
https://help.okta.com/en/prod/Content/Topics/Security/policies/about-signon-policies.htm
I hope this helps!
Have a great day ahead
Regards
Henry E.
Okta Inc