EmilyB.10175 (Customer) asked a question.
I am a fairly new employee who is working with an already set up instance of Okta. We have an issue with how users sign in. Instead of Okta asking for a password first it requests MFA verification, then asks the user to enter their password.
This causes some issues especially when a user gets a new phone and has to set up their Mutli-Factor authentication. The only way we can allow the user to setup their MFA again is to deactivate and reactivate their accounts in okta, which is less than ideal. I am assuming the reason this is happening is because of a policy somewhere, but not sure if it would exist in the MFA section or somewhere else.
If there is anyone out there who has encountered a similar issue and was able to fix it, any guidance would be greatly appreciated! I am happy to provide additional details if needed! Thanks, in advance!
Hi Emily,
In the classic engine first check that factor sequencing is enabled for your tenant or not.
For that you can go in the Admin Console, go to Security > Authentication. On the Sign On tab, select a rule and click Edit. See the Factor Sequence option in the Authentication methods section.
Secondly, if user wants to use the okta verify on the new phone then admin has to reset Multifactor from the more actions in the user profile. Also user can reset the okta verify from the user dashboard itself by clicking on settings > edit profile > click on set up extra verification which user wants to reset.
Thanks and Regards,
Shraddha