I noticed that the Okta Account Management Policy page in Authentication Policies allows for progressive authentication (so it only requires multiple factors if the user is enrolled in them); however, it seems this option doesn’t show up for app sign-in? It is a bit confusing. We want to make MFA opt-in, so those who enroll in it would be required to do their app sign-in with it and would otherwise sign-in via password.
Is this sort of setup possible?
I’ve been waiting for any answer on this for more than two weeks. So I assume it’s a no?
You might have better luck asking about this in our main community forum, since this space is more dedicated towards solutions for custom SCIM, OAuth, SAML and Workflows integrations.
That said, the only way I can think of achieving this is to put users who have opted into MFA in a dedicated group and then in your authentication policies, challenge users in that group for MFA
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.