In Okta Classis Setting Email Authentication to Required Resulted in first login experience without user being prompt for other enrolments

Loading

Skip to Navigation Skip to Main Content

Search

Search

Select Language

0D54z0000AIGrloCQDOkta Classic EngineAuthenticationAnswered2026-06-05T18:06:22.000Z2024-12-05T07:43:13.000Z2026-06-05T18:06:22.000Z

User17333837903154001253 (Customer) asked a question.

December 5, 2024 at 7:43 AM

In Okta Classis Setting Email Authentication to Required Resulted in first login experience without user being prompt for other enrolments

Hi,

I'm trying to understand what is happening in our Okta classic.

we have 4 options for the users for MFA enrolment, all of them set to optional.

At first login user needs to set at least one.

Now, If I change the Sms authentication (for example) to be required, the user first login is as expected:

user first needs to set and validate the SMS. than it is being prompted with the option to enrol with additional factors if he like.

But if I set Email authentication to required - I get a different first experience.

the user will need to validate his email, and that is it. he will not be prompted to enrol in additional factors.

Do you know why is that? And if it is possible to change?

Authentication

Top Rated Answers

Paul S. (Okta, Inc.)
2 years ago
Hello @User17333837903154001253 (Customer) Thank you for posting on our Community page!

What you are seeing is expected behaviour. Email MFA is auto-enrolled and is ready to use as an MFA when the user logs in the first time.
https://help.okta.com/en-us/content/topics/security/mfa/email.htm

Thank you for reaching out to our Community and have a great day!
--
Help others in the community by liking or hitting Select as Best if this response helped you.
Ask Us Anything about Okta FastPass - now thru December 11th.
Expand Post
Selected as Best

All Answers

Paul S. (Okta, Inc.)
2 years ago
Hello @User17333837903154001253 (Customer) Thank you for posting on our Community page!

What you are seeing is expected behaviour. Email MFA is auto-enrolled and is ready to use as an MFA when the user logs in the first time.
https://help.okta.com/en-us/content/topics/security/mfa/email.htm

Thank you for reaching out to our Community and have a great day!
--
Help others in the community by liking or hitting Select as Best if this response helped you.
Ask Us Anything about Okta FastPass - now thru December 11th.
Expand Post
Selected as Best
User17333837903154001253 (Customer)
2 years ago
Hi,
The question is why the user is not being prompted to enroll in additional factors in such case?
As I explained above: in case of 'SMS authentication' set to required the user is given the option to enroll to additional factors at first login.
When 'Email Authentication' is set to required - there is no such option at first login.
The question why and if it can be changed?
Expand Post

This question is closed.

Recommended content

Forum

Require Factors Not being prompted - Identity Engine

Forum

First connection to a developper account without a smartphone

Forum

Why is one of our users repeatedly prompted to authenticate?

Forum

How to log in(Tableau Online) using okta without an extra login prompt?

Loading

In Okta Classis Setting Email Authentication to Required Resulted in first login experience without user being prompt for other enrolments