MFA for Admins

Multifactor authentication reduces the risk of admin account compromise if credentials are obtained maliciously by a third party. Super admins can enable mandatory multifactor authentication for all administrators signing in to Okta Administration.


HealthInsight: Why is this task recommended?

This feature is a HealthInsight security task. For more security recommendations from Okta, see HealthInsight.

Enable MFA for Admins to reduce the risk of adminAn abbreviation of administrator. This is the individual(s) who have access to the Okta Administrator Dashboard. They control the provisioning and deprovisioning of end users, the assigning of apps, the resetting of passwords, and the overall end user experience. Only administrators have the Administration button on the upper right side of the My Applications page. account compromise if credentials are obtained maliciously by a third party.

Security impact: Critical

End-user impact: None

Okta recommends: Require MFA for Admins


After this feature is enabled:

  • Admins will always be prompted for multifactor authentication before accessing Okta Administration.

  • Admin that have not yet enrolled into an MFA factor will be prompted to enroll for the first time.
  • At least one factor should be turned on for your organization to enable this setting. If the orgThe Okta container that represents a real-world organization. does not have any MFA factors enabled, Okta Verify with one time passwords (OTP) will be enabled as the default factor. If factors have already been configured, then no changes will be made.
  • MFA for admins can only be set to enabled or disabled. It cannot be configured like other MFA policies.



To enable MFA for Admins:

  1. From the admin console, navigate to Security > General.
  2. Scroll to Multifactor for Administrators.
  3. Click Edit.
  4. Select Require Multifactor for Administrators signing in to Okta Administration.

    Enabling MFA for Admins in the admin console settings

  5. Click Save.


Related topics