Okta Classic Engine | Multi-Factor Authentication | Answered | 2024-05-03T19:59:51.000Z | 2022-12-03T00:26:39.000Z | 2022-12-24T19:56:38.000Z

MatthewH.10249 (State of Iowa) asked a question.

MFA and Security Question settings for Org2Org Admin account on Hub

I have an Org2Org user account that has admin access on both Hub and Spoke tenants. When logging into the Hub, I'm redirected to the Spoke as expected, where I can log in and perform MFA. That works great; however, when I'm redirected back to the Hub and then try to access the Admin Dashboard of the Hub, it requires MFA. While I was able to set MFA up the first time I accessed the Hub, when I try to go to settings to modify them or any other user setting in the Hub, I cannot, as it requires a password. Org2Org users will never know their Hub password, so how do I get past this catch-22?


  • Paul S. (Okta, Inc.)

    Hello @MatthewH.10249 (State of Iowa), thank you for reaching out to our Community!

     

    To avoid this, you could enable Password sync from the Provisioning tab; this way your users' password will sync from Hub to Spoke, as per our documentation below:

    https://saml-doc.okta.com/Provisioning_Docs/Okta-Org2Org_Provisioning.html

     

    Selected as Best
  • MatthewH.10249 (State of Iowa)

    I'll have to circle back on this as we tried password sync when we first started playing with the Org2Org but found a few reasons why we could not go that route. I'll have to see if any of those are still valid issues today.

     

    Short of using password sync, are there any other options?

  • Issac Brumer (Customer)

    If this is a "one-off", have another admin account reset MFA administratively on the account you're trying to fix. Then try signing into hub admin. If your enrollment policies allow this account to set up MFA, it will be guided to do so (without password.) (Look out for MFA enrollment policies that "do not enroll", such as when not on network.)

This question is closed.