Factor Sequencing

This is a Beta feature. To see about participating in this Beta program, please refer to the Beta Programs page.


With factor sequencing, you can set up authentication for your end usersIn Okta literature, we generally refer to "end users" as the people who have their own Okta home page (My Applications), using chiclets to authenticate into all of their apps. End users do not have any administrative control. When we refer to "users" we are generally referring to the individual(s) who have administrative control., allowing them to sign in to their orgThe Okta container that represents a real-world organization. using various factors as the primary method of authentication instead of a password. This feature supports Okta Push and other factors as the primary method of authentication.


User Roles

User Role User Impact
Okta AdminAn abbreviation of administrator. This is the individual(s) who have access to the Okta Administrator Dashboard. They control the provisioning and deprovisioning of end users, the assigning of apps, the resetting of passwords, and the overall end user experience. Only administrators have the Administration button on the upper right side of the My Applications page. Can create rules and select factors as part of an authentication chain that end usersIn Okta literature, we generally refer to "users" as the people who serve as Okta administrators. When we refer to "end users" we are generally referring to the people who the administrators serve. That is, those who use Okta chiclets to access their apps, but have no administrative control. will be required to use for successful authentication.
End User Can sign in to their Okta org using their ID and authenticate via enabled factors set up as part of the factor sequence.


Your Okta preview tenant must have the beta feature flag enabled: PASSWORDLESS_AUTH_SIGN_ON_POLICY.

Note: You will be informed via email once the feature flag has been enabled on your preview account.

Accessing this feature

To configure and activate your factors of choice, navigate to Security > Multifactor > Factor Types from the admin dashboard.

Step 1: Enroll Factors

  1. From the admin dashboard, navigate to Security > Multifactor > Factor Enrollment to set the enrollment policies for the factors you have already activated for your users.
  2. Verify that the factors in at least one factor chain is marked as Required for enrollment. For example, by defining the following two factor sequences in your sign on policy:
  3. (a) SMS and Okta Verify

    (b) Okta Verify and Security Questions

    Your end users are required to enroll in the sequenced factors (a) or (b) for successful authentication to take place.

Step 2: Define Okta Sign On Policies

  1. From the admin dashboard, navigate to Security > Authentication > Sign On.
  2. Select an existing rule or create a new rule for your beta test users.
  3. After selecting your rule criteria, scroll down to Authentication to define your factor sequences.

End User Experience Flow

  1. At Okta sign in, the end user is prompted to enter their ID to sign in.
  2. After entering their ID and clicking Next, the end user must authenticate via one or more factors that have been configured by their admin as part of the sign on policy.
  3. The end user can also select other factors in the sequence to authenticate via the factors listed in the dropdown menu.