<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D54z00008gkvjvCAAOkta Classic EngineMulti-Factor AuthenticationAnswered2024-04-16T12:22:56.000Z2023-01-25T16:43:04.000Z2023-02-07T21:42:48.000Z

himoc (himoc) asked a question.

January 25, 2023 at 4:43 PM
Adding Multiple MFA Apps and letting the user decide anyone configure

Currently, the System is configured with Okta Verify and Google Authenticator as the Authenticators App. Okta is list these two while the user configures the user account as expected. This enables the user to configure one or both apps as an MFA app. This behaviour is okay, but I don't want the user to set up both. If they chose one and completed the setup, the system should not be asking for the second one to set up. Currently, okta gives a skip option, but I just want the user to continue to log in after setting up any one MFA.

 

Not sure how to configure this!

My Current Auth Rule :

Image is not available

  • 3 answers
  • 1.23K views
q478i likes this.

  • Mihai N. (Okta, Inc.)

    Hi @himoc (himoc)​  , Thank you for reaching out to the Okta Community!

     

    If I'm understanding this correctly, what you are describing is the Authenticator (MFA) enrollment flow(policy). 

    There currently is no "either one OR the other" type functionality; Just "Required AND/OR Optional" for Authenticator enrollment if we're talking about the initial login.

    Once an Authenticator has been set up and the other has been skipped (if set as "optional"), subsequent login attempts should just prompt the user to login with that one and they'll have the option to set up the other from their end-user settings page. 

     

     

     

    If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you. 

     

    Hope my answer helps! 

    --------------------------------

    Community members help others by clicking Like or Select as Best on responses. Try it today.

    Expand Post

  • himoc (himoc)

    Hi @Mihai N. (Okta, Inc.)​ Negoita , thank you so much for the response.

     

    My issue is a bit different; I don't want the second MFA Authenticator enrollment to be displayed as the first one is already completed. The MFA Authenticator config needs to be like this: anyone to be enrolled (the one user selected from the list), if one is completed, redirect the user to the next process, not to the second MFA setup.

     

    Thanks

     

    Expand Post

    • Mihai N. (Okta, Inc.)

      By default, the end-user is presented with the option to enroll one, several or all available Authenticators just the first time the enrollment rule is triggered. They have to choose at least one as per the enrollment rules and enroll with the others or skip them as desired. Once they have done so and signed into Okta or an application that you set up, the next time they sign in (for example the next day), they will not be prompted to enroll.

      If you are experiencing a different behavior, I recommend that you open a case and go over your configuration with one of our Support Engineers.

      Expand Post
This question is closed.
Loading
Adding Multiple MFA Apps and letting the user decide anyone configure