App Condition for MFA Enrollment Policy


With this feature enabled, an adminAn abbreviation of administrator. This is the individual(s) who have access to the Okta Administrator Dashboard. They control the provisioning and deprovisioning of end users, the assigning of apps, the resetting of passwords, and the overall end user experience. Only administrators have the Administration button on the upper right side of the My Applications page. can use a new condition for end user applications as part of a rule for factor enrollment. With this condition, end usersEnd users are people in your org without administrative control. They can authenticate into apps from the icons on their My Applications home page, but they are provisioned, deprovisioned, assigned, and managed by admins. can be prompted for factor enrollment either when accessing all applications or for selected applications that are specified by the admin.


User Role User Impact
Okta Admin Use the appAn abbreviation of application. Essentially, it is a web-based site used to perform any number of specific tasks, and requires authentication from end users by signing in. condition as part of the factor enrollment rule to select either all applications available or for specific applications that can be manually selected.
End User Based on how the condition is set, end users may be prompted to enroll in a factor when accessing all applications available to them or for specific applications only.


  • A multifactor policy must be first created before a rule can be set up to use the app condition feature.

Accessing this feature

  1. From the admin dashboard, navigate to Security > Multifactor > Factor Enrollment > Add Multifactor Policy.
  2. Click Add Rule or Edit Rule to modify an existing rule. Note that a rule can only be added once a multifactor policy has been created.
  3. Under AND User is accessing, select Applications.
  4. Select Any application to apply this rule to all applications that can be accessed by the end user. Select Specific applications to manually enter the applications that will be affected by this rule. Only applications that are available to end users will be displayed here.
  5. Click Update Rule to save your changes.

Edit Rule screen

For more information about factor enrollment policies and rules, refer to Multifactor Authentication.