<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D54z0000A1qOYNCQ2Okta Classic EngineAuthenticationAnswered2024-03-19T18:29:19.000Z2024-03-02T23:36:04.000Z2024-03-19T18:29:19.000Z

User16400407433332769681 (Customer) asked a question.

March 2, 2024 at 11:36 PM
How to set authentication policy requiring only Password and email for a specific group

Hello,

I am failing my practice exam/s for Use case as I am unable to figure out how to remove Okta Verify on a group rule.

This is on the practice exam not in a live environment.

I have set up the Authenticators for Password, Security question and email and disabled Okta Verify

Set up a Global session Policy for password

Created a new policy in the Authentication Policies blade

And noticed that Okta verify is added as the Additional factor types

 

I have taken the steps to delete Okta Verify in the Authenticators while having the other authenticators enabled for Password, Email and Security question.

Once I delete Okta Verify I get the Cannot remove Okta Verify at this time. Cannot modify/disable this authenticator because it is enabled in one or more policies. To continue, disable the authenticator in these policies.

I noticed in that screen I see my new policy I created and I am assuming that this message is due to that policy having Okta Verify as an authenticator.

When I press App Assurance Policies, I am taken back to Authentication Policies.

What do I do next?

Change the "Any Two Factors" first?

Then in the rule of "Any Two Factors" do I change the IF any request > Then and press Actions to choose Password?

After that and I Save Anyway, I went back to Authenticators and tried to delete Okta Verify again but this did not change in the new policy list of authenticators or the rule

 

Please advise I know I am missing a step

I want to pass my exam 🙂

 

  • 2 answers
  • 368 views

  • Paul S. (Okta, Inc.)

    Hello @User16400407433332769681 (Customer)​ Thank you for reacting out to our Community!

     

    Since this Authentication Policy will be only for a specific group, I would recommend to setup a new Enrolment policy to be applied to the required group and have just Password and Email as the authenticators. Make sure that this is the highest Policy in the for Authenticators.

    After that is done, I will recommend to go to Authentication policy and create new rules for the applications needed to be to be part of this test and that needs to apply only to the users from that specific group. Like last time, make sure the new rules are the first priority.

     

    Please also review our doc below :

    https://help.okta.com/oie/en-us/content/topics/identity-engine/policies/about-app-sign-on-policies.htm

     

    Community members help others by clicking Like or Select as Best on responses. Try it today.

     

    Earn Today: New Okta Community Badges Have Arrived

     

    Subscribe Today: The Okta Community is on YouTube 

    Expand Post
    Selected as Best

  • User16400407433332769681 (Customer)

    Thank you so much Paul,

    I thought to do this but it is not part of a requirement for the Use case practice. I found the way to remove the Okta verify from the default Any Two factor authentication policies and the default policy of the Authenticators. I had to change from any two factor to Password only for all, then I was able to delete the Okta Verify authenticator.

    Thank goodness this is the Practice environment or I will be in such trouble 🙂

     

    Thank you for responding

    Expand Post
This question is closed.
Loading
How to set authentication policy requiring only Password and email for a specific group