<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D54z00009dUG9oCAGOkta Classic EngineMulti-Factor AuthenticationAnswered2025-09-13T09:01:51.000Z2023-09-07T10:23:04.000Z2023-09-21T15:43:45.000Z

AndrewC.67337 (Customer) asked a question.

September 7, 2023 at 10:23 AM
Okta multifactor is multistep and not compliant with industry standards

There are some industry guidelines in the UK which require that all MFA factors be verified prior to the authentication mechanism granting access and that "no prior knowledge of the success or failure of any factor should be provided to the individual until all factors have been presented". As Okta auth doesn't comply with this, I am wondering what Okta's thoughts are? if there are any features in dev for this?

  • 3 answers
  • 365 views

  • Mihai N. (Okta, Inc.)

    Hi @AndrewC.67337 (Customer)​ , Thank you for reaching out to the Okta Community!

     

    I'm not aware of anything specific to the use case you presented but if you are interested in Okta's Compliance you can review more information here.  

    As for future development, you can check our Product roadmap here

    Beyond that, please reach out to your Okta Account Executive or Custom Success Manager for more information.

     

     

    If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you. 

     

    Hope my answer helps! 

    --------------------------------

     

    Follow us at OktaSupport

    Expand Post
    Selected as Best

  • Mihai N. (Okta, Inc.)

    Hi @AndrewC.67337 (Customer)​ , Thank you for reaching out to the Okta Community!

     

    I'm not aware of anything specific to the use case you presented but if you are interested in Okta's Compliance you can review more information here.  

    As for future development, you can check our Product roadmap here

    Beyond that, please reach out to your Okta Account Executive or Custom Success Manager for more information.

     

     

    If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you. 

     

    Hope my answer helps! 

    --------------------------------

     

    Follow us at OktaSupport

    Expand Post
    Selected as Best

  • a0n5s (a0n5s)

    @AndrewC.67337 (Customer)​  Do you means:

    Multistep Versus Multifactor

    The PCI requirement became simpler but more restrictive, since all factors must be verified prior to the authentication mechanism granting the requested access. Furthermore, no prior knowledge of the success or failure of any factor should be provided to the individual until all factors have been presented.

     

    https://securityintelligence.com/multistep-authentication-is-no-longer-enough-for-pci-compliance/

    Expand Post
This question is closed.
Loading
Okta multifactor is multistep and not compliant with industry standards