<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D54z00009RNiPICA1Okta Classic EngineAdministrationAnswered2025-10-11T09:01:02.000Z2023-07-12T04:10:23.000Z2023-07-12T14:06:15.000Z

lnllt (lnllt) asked a question.

July 12, 2023 at 4:10 AM
Difference between Okta Sign On Policy and Sign On Policy

If you go to Security -> Authentication -> Sign On tab, you can a sign on policy and apply it to groups.

If you go to Applications -> Applications -> your app's Sign On tab, you can create a sign on policy rule down the bottom.

 

Why are there two ways to create a sign on policy?

 

For the first one, you can set it so users are prompted for MFA every sign in:

Image is not available

However, for the second one, you can set the prompt for once a month:

Image is not available

 

Which one wins? Are we meant to use, one or the other, or both?

  • 1 answer
  • 363 views

  • flz9z (flz9z)

    Hi ,

    I hope you are referring to the classic engine. In classic engine sign on policy will apply for the okta tenant and application policy sign on policy will applicable when you directly access the application.

     

This question is closed.
Loading
Difference between Okta Sign On Policy and Sign On Policy