Create sign-on policies with Okta Applications

Okta has several first-party applications that are available by default for each Okta instance. You can add app sign-on policies to allow or restrict access to first-party applications. You must be a super admin to create sign-on policies.

Learn more about Sign-on policies

The following are some examples of what admins can achieve through Okta Applications:

  • Create a more restrictive MFA policy for admins so that they must re-authenticate every sign-on instead of once per day.

  • Do a slow rollout of the Okta End-User Dashboard depending on who users are and the groups they belong to.

  • Disable access to the Okta End-User Dashboard for all users in your org if they use another custom dashboard or application.

Supported Applications:

  • Okta End-User Dashboard
  • Okta Browser Plugin
  • OktaAdmin Console

View your supported apps

Use the following steps to view a list of your first party applications.

  1. From the Admin Dashboard, select Applications.
  2. Use the search bar to find your application.

Okta End-User Dashboard

You can now modify the sign-on policies for the Okta End-User Dashboard to limit access to the Okta End-User experience for some or all of your users. If you're using an old version of either app, you must create a sign-on policy for the Okta Dashboard app to grant users and groups access to the new dashboard and plugin. You won't be able to enable the new experience for your users if you don't create this policy.

See Control access to the Okta End-User Dashboard for best practices.

Sign-on policies created for the Okta End-User Dashboard will only apply to the new Okta End-User Dashboard. Users who sign in to the older Okta End-User Dashboard aren't affected, and will only have the default Okta sign-on policy applied to them. As such, Okta recommends switching all users to the new Okta end-user experience and removing access to the old Okta End-User Dashboard so that all end users go through the same sign-on experience.

OktaAdmin Console

By default, the Admin Console sign-on policy requires multifactor authentication for administrators. If Okta sign-on policy already requires multifactor authentication, the admin isn't prompted a second time.

You can't manage your admins from the Admin Console application. To manage your admins, go to SecurityAdministrators.