<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D54z00009hcZMPCA2Okta Classic EngineMulti-Factor AuthenticationAnswered2025-10-11T09:00:47.000Z2023-10-12T13:35:26.000Z2023-10-31T21:55:47.000Z

Mohit (Admin)S.95937 (Convera Holdings LLC) asked a question.

October 12, 2023 at 1:35 PM
MFA for different application administrators.

Hi,

 

We are working on a solution to enforce MFA every time the administrator of a particular application is login to the respective application.

 

Requirement -

1. MFA must be enforced every time if administrator of XYZ application is accessing XYZ application.

2. Solution must not ask MFA if that user is accessing application other than XYZ application where the user is not administrator.

 

Please let me know if anyone has implement such scenario before and what are the best practices to implement the solution through Okta.

  • 2 answers
  • 541 views

  • b5n6c (b5n6c)

    Hi Mohit Sharma,

    Okta have the capability to enable application level MFA policy through which we can control the reauthentication frequency for specific users/groups.

    Steps to follow ,

    1. Firstly you can create a group for the administrators then go to Applications > Applications.
    2. Select the application where you want to apply the policy.
    3. Click the Sign On tab > User authentication > View policy details > Add Rule > Enter a rule name > In the PEOPLE section, select the group (Created for the administrators) .
    4. In the reauthentication frequency section you can enable it for Every signin attempt.

     

     

    Expand Post
    Selected as Best

  • b5n6c (b5n6c)

    Hi Mohit Sharma,

    Okta have the capability to enable application level MFA policy through which we can control the reauthentication frequency for specific users/groups.

    Steps to follow ,

    1. Firstly you can create a group for the administrators then go to Applications > Applications.
    2. Select the application where you want to apply the policy.
    3. Click the Sign On tab > User authentication > View policy details > Add Rule > Enter a rule name > In the PEOPLE section, select the group (Created for the administrators) .
    4. In the reauthentication frequency section you can enable it for Every signin attempt.

     

     

    Expand Post
    Selected as Best

  • Mohit (Admin)S.95937 (Convera Holdings LLC)

    hi @b5n6c (b5n6c)​  - Thanks for your reply. In this case, do we have to create different authentication policies for respective applications with respective admin groups?

    Is there can be any alternative solution?

This question is closed.
Loading
MFA for different application administrators.