App condition for MFA enrollment policies

You can set an app condition for end user applications in a multifactor authentication (MFA) enrollment policy. This allows you to prompt end users to enroll in MFA factors when they access any application, or selected applications.

Edit Rule screen


  • Create a multifactor policy before you configure a rule with an app condition.
  • Apps that are based on OIDC, SAML1.1, SAML2, and SWA are supported.
  • All apps are supported except for Microsoft clients that use active mode authentication.
  • Microsoft Office 365 is supported.
  • Outdated Microsoft Office thick clients aren't supported.

See Configure an MFA enrollment policy to configure an app condition.

Related topics

MFA enrollment policies

Configure an MFA enrollment policy