Disable weaker MFA factors in factor enrollment policies
An Okta admin can configure MFA at the organization level or application level. When MFA is enabled for either, end users are prompted to confirm their credentials with factors both when signing in to Okta and when accessing an application. Strong factors have better resistance to phishing and man-in-the-middle attacks.
HealthInsight task recommendation
Enable strong MFA factors to improve resistance to phishing and man-in-the-middle attacks.
Okta recommends |
Update factor enrollment policies based on the following:
|
Security impact |
High |
End-user impact |
High When signing in to their org, end users will be prompted to enroll in required factors and may enroll in any factors set to optional. Factors that have been disabled are not visible to end users. |
Enable strong factors for factor enrollment
- In the Admin Console, go to Security > Multifactor.
- Click Factor Enrollment.
- Click Edit to modify the enrollment policy of your choice.
- Set the factor of your choice to Required, Optional, or Disabled.
The factor must be disabled in all factor enrollment policies before the factor type can be deactivated from the Factor Type tab.