Enable MFA for the Admin Console

Super admins can enable mandatory multifactor authentication (MFA) for all admins who access the Okta Admin Console.

  • After this feature is enabled, the MFA policy for the Admin Console is enabled by default. The next time an admin signs in, they're prompted to set up MFA for access to the Admin Console. Admins who haven't enrolled in MFA are prompted to enroll for the first time.
  • At least one factor must be turned on for your org to enable this setting. If the org doesn't have any MFA factors enabled, Okta Verify with one-time passwords (OTP) is enabled as the default factor. If factors have already been configured, then no changes are made.
  • You can also make additional changes to your MFA policy. See Configure an app sign-on policy.
  • Never disable MFA for admins. This decreases the overall security posture of your org and increases the risk that admin accounts might be compromised.

Start the task

  1. In the Admin Console, go to Applications > Applications.

  2. Select Okta Admin Console.
  3. Click the Sign On tab. For the Admin App Policy, click the Edit rule icon.
  4. To enable MFA for admins, ensure that the Disable rule checkbox isn't selected. If you select this checkbox, you disable MFA for admins.