
PrateekT.00945 (Customer) asked a question.
I am currently embedding the Okta login widget in a self-hosted page https://github.com/okta/okta-signin-widget, using it to log users into my SAML App.
I am trying to prompt the users for factors within the login widget itself with App-level MFA configured. The expected behavior is that the user enters username/password on the login widget, then gets prompted for additional factors on the widget and enters them in the widget. The actual behavior is that the user enters username/password on the login widget, then gets redirected to an Okta-hosted login page, and enters additional factors on the Okta-hosted login page.
Is there any way to prompt the users for factors within the login widget itself, without having to redirect to the Okta-hosted login page? I know there is a workaround by using an Organization-level MFA policy, but I want to see if I can enable MFA for users that are trying to log in to a particular SAML Application, without affecting the authentication flow of users assigned to other Apps in the same Okta organization.

Hello @PrateekT.00945 (Customer), thank you for reaching out to our Community!
The flow that you are seeing seems to be expected behaviour and this has been discussed here, please see the article below:
https://github.com/okta/okta-signin-widget/issues/923
Also, to set up MFA at application level please see our articles below that might provide additional insight:
https://help.okta.com/en/prod/Content/Topics/Security/MFA_App_Level.htm
https://help.okta.com/en/prod/Content/Topics/Security/MFA_App_Condition.htm
Hope this helps!