<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D5WR00001jJmBO0A0Okta Classic EngineMulti-Factor AuthenticationAnswered2026-06-04T16:53:23.000Z2026-06-04T04:39:55.000Z2026-06-04T16:53:23.000Z

gayeongs.91919 (Customer) asked a question.

June 4, 2026 at 4:39 AM
Is there any MFA Best Practices for Shared Device Environment? (Multiple Users per Device)

Hi everyone,

My client is evaluating a scenario where a single company-owned device is shared by multiple users for Okta MFA authentication.

 

We already opened a support case and received confirmation that Okta does not officially support or recommend the smartphone sharing scenario, and that there is no official Best Practice or reference architecture for this use case.

 

Has anyone dealt with a similar scenario?

If so, what MFA approach did you end up recommending?

 

Any real-world experience would be appreciated.

 

Thank you.

  • 1 answer
  • 18 views

  • Mihai Negoita - Okta (Okta, Inc.)

    Hi @gayeongs.91919 (Customer)​ , Thank you for reaching out to the Okta Community! 

     

    I would like to preface my response by saying that Okta does indeed not recommend sharing devices for this use case due to the high inherent security risks. 

    That being said, you could perhaps look into Hardware key options like Yubikey (FIDO2 / WebAuthn) to register multiple users per device. 

    How it works: User A logs into Okta and registers the key. User B then logs into their own Okta account and registers the exact same physical key. The key generates and stores separate, isolated cryptographic credentials for each user.

    The Catch: While technically possible, this is heavily discouraged for two reasons:

    • Logistical Friction: Users must physically pass the key to one another whenever someone needs to authenticate, which disrupts workflows.
    • Security Risk: If the physical key is lost, damaged, or stolen, all users sharing that key are locked out of their accounts simultaneously. (same would apply for a smartphone)

     

    We'll leave this question open in case anyone else in the Community can provide real-world insights.  

     

     

     

     

    Regards.

    --

    Help others in the community by liking or hitting Select as Best if this response helped you.

    Collect them all. Learn a new skill and earn a new Okta Learning badge.

    Just released: More Okta Community badges just added

    Expand Post

Loading
Is there any MFA Best Practices for Shared Device Environment? (Multiple Users per Device)