Custom Factor Authentication

This is a Beta feature. To see about participating in this Beta program, please refer to the Beta Programs page.


A custom factor using SAMLAn acronym for Security Assertion Markup Language, SAML is an XML-based standard for exchanging authentication and authorization data between an identity provider (IdP) and a service provider (SP). The SAML standard addresses issues unique to the single sign-on (SSO) solution, and defines three roles: the end user, the IDP, and the SP. or OIDC can be configured and activated as an additional factor for end user verification upon sign in.

An Okta adminAn abbreviation of administrator. This is the individual(s) who have access to the Okta Administrator Dashboard. They control the provisioning and deprovisioning of end users, the assigning of apps, the resetting of passwords, and the overall end user experience. Only administrators have the Administration button on the upper right side of the My Applications page. can do the following:

  • Add a custom factor via the SAML or OIDC standard for authentication
  • Enable or disable the custom factor from the admin dashboard
  • Create, manage, and edit a custom factor from the list of available factors
  • Link an existing SAML 2.0 or OIDC Identity Provider to use as the custom factor provider

End usersIn Okta literature, we generally refer to "end users" as the people who have their own Okta home page (My Applications), using chiclets to authenticate into all of their apps. End users do not have any administrative control. When we refer to "users" we are generally referring to the individual(s) who have administrative control. can do the following when a custom factor is enabled:

  • View a list of available factors, which includes custom factors
  • Use the custom factor for step up authentication when the factor is enabled

Accessing this feature

  1. From the admin dashboard, navigate to Security > Multifactor. The Multifactor Factor Type setup page is displayed.
  2. Click Custom SAML Factor or Custom OIDC Factor to access custom factor setup.


  • Admin access to Okta to enroll and configure the desired custom factor
  • An existing Identity Provider must be available to use as the additional step up authentication provider. Refer to the next section for more information on adding an identity provider.

Adding an Identity Provider

  • For a custom SAML factor, refer to the workflow under Identity Providers for more information how to create an identity provider for creating a custom SAML factor. The workflow is located under: Identify Providers > Configure Inbound SAML > Workflow > Part 1 – Add a SAML Identity Provider.
  • JIT Settings are not supported

Setting the Custom Factor

  1. Click Edit to start configuring the custom factor.
  2. Select a provider from the menu.
    Note: The provider must be configured first before it can be listed as an option. Refer to Adding an Identify Provider section above for more information.
  3. Once the desired provider is selected, click Save to save your configuration.
  4. Set the custom factor status to Active to enable it for end usersIn Okta literature, we generally refer to "users" as the people who serve as Okta administrators. When we refer to "end users" we are generally referring to the people who the administrators serve. That is, those who use Okta chiclets to access their apps, but have no administrative control. or Inactive to disable it.

End User Result

  • After the admin has added and enabled the custom factor, the end user is prompted to set up custom factor authentication on their next sign in.
  • Once the end user has successfully set up the factor, it will appear in their settings as a configured factor under Settings > Extra Verification.