I am trying to use “Factor Sequencing” passwordless feature of okta. If we enable this, is it possible to control this for a specific group of users? We don’t want everyone to login using OTP.
Yes, under Security>Multifactor>Factor Enrollment you can specify a group
- Enabled SMS MFA
- Configured Sign On Policy with SMS
- Configured Factor Enrollment with a new group called “testpasswordless”
- Created new user with “testpasswordless’ group and mobile number with activation lifecycle enabled though API without password
- On clicking the Activation link, okta is asking the user to set the password
I was expecting a SMS but okta activation link is asking the user to set the password & challenge questions. The new user also belongs to default “EveryOne” group and MFA is not enabled for “EveryOne” group.