App Condition for MFA Enrollment Policy


With this feature enabled, an adminAn abbreviation of administrator. This is the individual(s) who have access to the Okta Administrator Dashboard. They control the provisioning and deprovisioning of end users, the assigning of apps, the resetting of passwords, and the overall end user experience. Only administrators have the Administration button on the upper right side of the My Applications page. can use a new condition for end user applications as part of a rule for factor enrollment. With this condition, end usersIn Okta literature, we generally refer to "end users" as the people who have their own Okta home page (My Applications), using chiclets to authenticate into all of their apps. End users do not have any administrative control. When we refer to "users" we are generally referring to the individual(s) who have administrative control. can be prompted for factor enrollment either when accessing all applications or for selected applications that are specified by the admin.


User Role User Impact
Okta Admin Use the appAn abbreviation of application. Essentially, it is a web-based site used to perform any number of specific tasks, and requires authentication from end users by signing in. condition as part of the factor enrollment rule to select either all applications available or for specific applications that can be manually selected.
End User Based on how the condition is set, end users may be prompted to enroll in a factor when accessing all applications available to them or for specific applications only.


  • A multifactor policy must be first created before a rule can be set up to use the app condition feature.

Accessing this feature

  1. From the admin dashboard, navigate to Security > Multifactor > Factor Enrollment > Add Multifactor Policy.
  2. Click Add Rule or Edit Rule to modify an existing rule. Note that a rule can only be added once a multifactor policy has been created.
  3. Under AND User is accessing, select Applications.
  4. Select Any application to apply this rule to all applications that can be accessed by the end user. Select Specific applications to manually enter the applications that will be affected by this rule. Only applications that are available to end users will be displayed here.
  5. Click Update Rule to save your changes.

Edit Rule screen

For more information about factor enrollment policies and rules, refer to Multifactor Authentication.