MFA for admins

Super Admins can enable mandatory multifactor authentication for all administrators signing in to Okta Administration.

  • After this feature is enabled, the MFA policy for the Admin Dashboard will be enabled by default. The next time an admin logs in, they will be prompted to set up MFA for admins.

  • Administrators who have NOT enrolled in an existing MFA factor will be prompted to enroll for the first time.
  • At least ONE factor must be turned on for your organization to enable this setting. If the org does not have any MFA factors enabled, Okta Verify with one-time passwords (OTP) will be enabled as the default factor. If factors have already been configured, then no changes will be made.
  • MFA for admins can only be set to enabled or disabled. It cannot be configured like other MFA policies.
  • It is recommended to never disable multifactor authentication for administrators. Disabling it weakens your overall security posture and increases the risk that administrator accounts are compromised.

Enable MFA for admins

  1. From the Admin Console, navigate to Security > General.
  2. Scroll to Multifactor for Administrators.
  3. Click Edit.
  4. Select Enable Multifactor for Administrators.
  5. Click Save.
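
Before enabling the setting, it helps to know which administrators will hit the first-time enrollment prompt and whether the Okta Verify OTP default will be switched on. The following is an added example, not Okta's own code: it runs over a constructed export, and the field names (factorType, provider, status) and the treatment of a pending factor as "not enrolled" are assumptions to verify against your org.

```python
import json

# Constructed sample data, not real accounts. The factor fields follow the
# shape of Okta factor objects (assumption); the export layout is hypothetical.
SAMPLE = json.loads("""
{
  "org_enabled_factors": ["token:software:totp", "sms"],
  "admins": {
    "alice@example.com": [
      {"factorType": "token:software:totp", "provider": "OKTA", "status": "ACTIVE"}
    ],
    "bob@example.com": [
      {"factorType": "sms", "provider": "OKTA", "status": "PENDING_ACTIVATION"}
    ],
    "carol@example.com": []
  }
}
""")

# The page states this factor is enabled by default when the org has none.
DEFAULT_FACTOR = "Okta Verify (OTP)"


def active_factors(factors):
    """Return only factors whose enrollment completed (status ACTIVE)."""
    return [f for f in factors if f.get("status") == "ACTIVE"]


def audit(export):
    """Predict the effect of enabling MFA for admins on this export."""
    org_factors = list(export["org_enabled_factors"])
    default_applied = not org_factors  # no factor enabled: default is turned on
    if default_applied:
        org_factors = [DEFAULT_FACTOR]
    # Admins with no factor, or only a pending one (assumption), must enroll.
    prompted = sorted(
        admin for admin, factors in export["admins"].items()
        if not active_factors(factors)
    )
    return {
        "default_factor_applied": default_applied,
        "effective_org_factors": org_factors,
        "admins_prompted_to_enroll": prompted,
    }


if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE), indent=2))
```

Admins listed under admins_prompted_to_enroll are the ones to notify before the change, since their next sign-in to the Admin Console will require enrollment.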