130vc (130vc) asked a question.
Adding extra in-app MFA layer to specific sensitive pages
Our app uses Okta to authenticate users during login.
We would like to add an extra layer of MFA to our app, in which in addition to the normal login page, if a user wants to access a certain data-sensitive page, they would have to go and verify themselves again using MFA even if they are already logged-in.
This is similar to when a user is about to change their password and are required to re-approve it's them right before the sensitive action.
Does Okta provide this capability, and if so what is the best practice?
Thanks
Hi Yoaz, You should be able to configure the MFA for specific user groups, the article outlines that https://help.okta.com/en-us/Content/Topics/Security/policies/configure-app-signon-policies.htm , While I know this may not be a direct answer to your questions but it can help you explore.
I understand your user case and am actively looking for a solution this week.