<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D54z00009hcdhsCAAOkta Classic EngineMulti-Factor AuthenticationAnswered2025-09-13T09:01:51.000Z2023-10-12T16:41:06.000Z2023-10-31T21:55:16.000Z

9wd7m (9wd7m) asked a question.

October 12, 2023 at 4:41 PM
Removing SMS as a factor when thats the only factor most users are enrolled in

We want to remove SMS as a factor, however, almost all of our users are using it as their sole factor. My plan is to mark Okta verify as required, give it a couple of weeks so everyone gets enrolled, then remove SMS. Does this sound like a reasonable plan?

 

If I were to just disable SMS, would the users get prompted to enroll in MFA or would they get locked out as they have no factors available for login?

  • 2 answers
  • 1.69K views

  • User16594883467582706479 (Customer Support Online Experience)

    Hi, @9wd7m (9wd7m)​ 

     

    Thank you for posting on our Community page!

     

    I would suggest MFA factor sequencing to make sure that the login goes smoothly until you implement OV on a larger scale. You could test it first on a small group.

     

    https://help.okta.com/en-us/content/topics/security/mfa-factor-sequencing.htm

     

    If a specific factor is specified in a policy, that factor can't be removed until it's removed from all the policies that require it. If MFA is enabled for your org, you're required to specify at least one factor. If a factor isn't specified, an error message appears on the Multifactor page.

     

    Thank you for reaching out to our Community and have a great day!

    _____________________________________________________________________________

    Community members help others by clicking Like or Select as Best on responses. Try it today.

    _____________________________________________________________________________

    Expand Post
    Selected as Best

  • User16594883467582706479 (Customer Support Online Experience)

    Hi, @9wd7m (9wd7m)​ 

     

    Thank you for posting on our Community page!

     

    I would suggest MFA factor sequencing to make sure that the login goes smoothly until you implement OV on a larger scale. You could test it first on a small group.

     

    https://help.okta.com/en-us/content/topics/security/mfa-factor-sequencing.htm

     

    If a specific factor is specified in a policy, that factor can't be removed until it's removed from all the policies that require it. If MFA is enabled for your org, you're required to specify at least one factor. If a factor isn't specified, an error message appears on the Multifactor page.

     

    Thank you for reaching out to our Community and have a great day!

    _____________________________________________________________________________

    Community members help others by clicking Like or Select as Best on responses. Try it today.

    _____________________________________________________________________________

    Expand Post
    Selected as Best

  • a0n5s (a0n5s)

    @9wd7m (9wd7m)​ https://sec.okta.com/articles/2023/08/byo-telephony-and-future-sms-okta as this document told remove sms is a good idea. set okta verify as required, so they the enduser will setup okta verify before they login the application. then told all user should setup okta verify in some days like one month. after that check whether most of user has setup okta verify, then disable sms. the user without setup okta verify should contact helpdesk reset mfa.

    Expand Post
This question is closed.
Loading
Removing SMS as a factor when thats the only factor most users are enrolled in