App Condition for MFA Enrollment Policy
Based on how the condition is set, end usersEnd users are people in your org without administrative control. They can authenticate into apps from the icons on their My Applications home page, but they are provisioned, deprovisioned, assigned, and managed by admins. may be prompted to enroll in a factor when accessing all applications available to them or for specific applications only.
Before you begin
Note the following when setting the appAn abbreviation of application. Essentially, it is a web-based site used to perform any number of specific tasks, and requires authentication from end users by signing in. condition:
- A multifactor policy must be first created before a rule can be set up to setting the app condition.
- Apps that are based on OIDCOpenID Connect (OIDC) is an authentication layer on top of OAuth 2.0, an authorization framework. The standard is controlled by the OpenID Foundation., SAML1.1, SAML2, SWAAn acronym for Secure Web Authentication. SWA is a SSO system developed by Okta to provide single sign-on for apps that don't support proprietary federated sign-on methods or SAML. Users can enter their credentials for these apps on their homepage. These credentials are stored such that users can access their apps without entering their credentials each time. When users first sign-in to a SWA app from their homepage, they see a pop-up message asking if they were able to sign-in successfully. are all supported.
- All apps are supported except for Microsoft clients that use active mode authentication.
- Microsoft Office 365 is supported; outdated Microsoft Office thick clients are not supported.
Configure the app condition
- From the adminAn abbreviation of administrator. This is the individual(s) who have access to the Okta Administrator Dashboard. They control the provisioning and deprovisioning of end users, the assigning of apps, the resetting of passwords, and the overall end user experience. Only administrators have the Administration button on the upper right side of the My Applications page. dashboard, navigate to Security > Multifactor > Factor Enrollment > Add Multifactor Policy.
- Click Add Rule or Edit Rule to modify an existing rule. Note that a rule can only be added once a multifactor policy has been created.
- Under AND User is accessing, select Applications.
- Select Any application to apply this rule to all applications that can be accessed by the end user. Select Specific applications to manually enter the applications that will be affected by this rule. Only applications that are available to end users will be displayed here.
- Click Update Rule to save your changes.
For more information about factor enrollment policies and rules, refer to Multifactor Authentication.