Authentication Policy Constraint for specific IdP factor

dmirch · May 17, 2024, 8:04pm

Hi there - we were suggested to post here based on this question: Okta Help Center (Lightning)

I’m aware of the Authentication Method Object and the Authenticator key, type, method, and characteristic relationships table as well from: Policy | Okta Developer

I’m wondering if it’s possible with policy constraints to restrict which IdP factor is used to authenticate to an app?

For example if we have this:

      "possession": {
        "required": true,
        "methods": [
          "idp"
        ],

It will allow any IdP factor which the user has enrolled. As mentioned in the Okta support question this poses a challenge if we have a staging and prod IdP and IdP factor in the same Okta environment.

nikitag · June 14, 2024, 11:28am

Hi there,

Currently it is not possible to restrict which IdP factor is used to authenticate to specific apps.

We suggest you submit a feature request to Okta Ideas, more information about how to use Okta Ideas found here: Okta Help Center (Lightning).

Once ideas are submitted, other Okta admins will have the ability to vote on them to help our Product team prioritize requests. Additionally, you will be able to monitor the potential for future enhancements there.

system · July 14, 2024, 11:28am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Post		Replies	Views
How to Enforce Multiple Possession Factors in Okta Authentication Policies? Questions mfa	1	15	December 30, 2024
Multiple Inbound Identity Providers in Widget Questions	2	3510	March 11, 2021
Using Multiple IdP Factors Questions idp	5	664	May 29, 2024
Problem with security question as authenticator Questions mfa	1	1815	December 25, 2023
IDP Factor enrollment Questions	1	3212	January 26, 2024

Authentication Policy Constraint for specific IdP factor

Related topics