Create sign-on policies with Okta Applications

Okta has several first party applications that are available by default for each Okta instance. Additionally, you can now add app-based sign-on policies for all first party apps to allow or restrict access to first party applications. Learn more about sign-on policies for applications.

Here are some examples of what admins can achieve through Okta Applications:

  • Create a more restrictive MFA policy for admins so that they must re-auth every sign on instead of once per day

  • Do a slow rollout of the new Okta End-User Dashboard depending on who users are and the groups they belong to

  • Disable access to the Okta End-User Dashboard for all users in your org if they use another custom dashboard or application

  • Admins must hold Super Admin permissions in order to create sign-on policies for their orgs.

Supported Applications:

  • Okta End-User Dashboard
  • Okta Browser Plugin
  • Okta Admin Console

View your supported apps

Use the following steps to view a list of your first party applications.

  1. From the Admin Dashboard, select Applications.
  2. Use the search bar to find your application.

Okta End-User Dashboard

You can now modify sign on policies for the Okta End-User Dashboard to limit access to the New Okta End-User experience for some or all of your users. If you are currently using an old version of either app, you must create a sign on policy for the Okta Dashboard app to grant users and groups access to the new dashboard and plugin. If you do not create this new policy, you will not be able to enable the new experience for your users.

See our New End User Experience deployment guide to see our best practices.

Sign-on policies created for the Okta End-User Dashboard will only apply to the new Okta End-User Dashboard. Users who sign in to the old Okta End-User Dashboard are not affected, and will only have the default Okta sign-on policy applied to them. As such, we recommend switching all users to the new Okta end-user experience and removing access to the old Okta End-User Dashboard so that all end users go through the same sign-on experience.

Okta Admin Console

By default, the Okta Admin Console sign on policy requires multifactor authentication for administrators. If an org's sign-on policy already requires multifactor authentication, the admin won't be prompted a second time.

You cannot manage your admins from the Admin Console application. To manage your admins, please continue to use the Administrators page under Security.