Okta Classic Engine | Multi-Factor Authentication | Answered | 2026-04-01T09:00:20.000Z | 2023-01-20T18:34:57.000Z | 2023-01-23T20:19:06.000Z
OKTA MFA

We are seeing inconsistent behavior with the "Do not challenge this device again" checkbox checked. The users are getting annoyed by the repeated MFA challenge answers every time they log in.

OKTA Support has provided the following configuration changes to resolve the above issue:

Access the OKTA Admin Console

Navigate to Security > Authentication > Sign On

Locate the Sign On Policy in question and locate the Sign On Rule, then click Edit (The Pencil icon)

To modify the number of minutes, hours, or days of the prompt, simply change the Per Session value under Factor requirement section

To remove the prompt, select either Per Device or Every Time and click Update Rule

But we don't see the Factor requirement section in the Sign On Rules. We see Policy settings and Session management only. Can someone help us avoid the MFA challenge answers even after checking the "Do not challenge this device again" checkbox?

 


  • Paul S. (Okta, Inc.)

    Hello @NagarajanR.41027 (GSA), thank you for reaching out to our Community!

     

    If your users are checking the box for "Do not Challenge this device again" and they are still challenged, there could be a few reasons for that:

    • user clears cache and cookies or the browser does not save them
    • user uses a different browser
    • user uses a thick client

    Please also take into consideration that this setting works based on the browser cache; if they are removed or not stored, then users will be prompted all the time.

    I would recommend reviewing our documentation and, based on the type of Okta org you have, adjusting the policy, also based on your users' browser settings:

    For OIE: https://help.okta.com/oie/en-us/Content/Topics/identity-engine/policies/about-app-sign-on-policies.htm

    For Classic: https://help.okta.com/en-us/Content/Topics/Security/policies/configure-signon-policies.htm#:~:text=The%20Okta%20sign%2Don%20policy,on%20policy%20in%20the%20list.

     

  • We have verified the user's browser settings and the cache is not cleared when they leave the browser. We have tried both Edge and Google Chrome, and both browsers are prompting to enter the MFA even after checking "Do not challenge this device again".

     

    Also, we are not seeing the following in the Sign On Rule: "AND Behavior is", "AND Risk is".

    Is the Rule set up for different customers?

     

    • k5fuw (k5fuw)

      Look in the Policy Settings of the sign-on rules, for "MFA lifetime", just above Session management. This is the setting that Paul was referring to.

This question is closed.