Enable MFA for the Admin Console

Super Admins can enable mandatory multifactor authentication for all administrators signing in to the Okta Admin Console.

  • After this feature is enabled, the MFA policy for the Okta Admin Console is enabled by default. The next time an admin logs in, they're prompted to set up MFA for the Admin Console.
  • Administrators who haven't enrolled in an existing MFA factor are prompted to enroll for the first time.
  • At least one factor must be turned on for your organization to enable this setting. If the org doesn't have any MFA factors enabled, Okta Verify with one-time passwords (OTP) is enabled as the default factor. If factors have already been configured, no changes are made.
  • You can also make additional changes to your MFA policy. See Configure an app sign-on policy.
  • You should never disable multifactor authentication for administrators. Doing so decreases the overall security posture of your org and increases the risk that administrator accounts might be compromised.

Start the task

  1. In the Admin Console, go to Applications > Applications.
  2. Select Okta Admin Console.
  3. Go to the Sign On tab. For Admin App Policy, click the Edit rule icon.
  4. To enable MFA for admins, ensure that the Disable rule check box isn't selected.
    Note: Selecting the Disable rule check box disables MFA for admins.
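
To catch the rule being disabled or edited after it has been set up, the check below scans exported Okta System Log events (one JSON object per line) for successful changes that target the Okta Admin Console policy or the Admin App Policy rule. It is an added example, not Okta's own code: the watched event types and the matching on target display names are assumptions to confirm against your org's System Log, and the sample events are constructed.

```python
import json

# Event types to watch (assumption: confirm in your own System Log which
# event your org records when this rule is edited or disabled).
WATCHED = {"policy.rule.deactivate": "disabled", "policy.rule.update": "modified"}
# Names taken from the procedure above.
ADMIN_NAMES = ("okta admin console", "admin app policy")


def find_admin_mfa_changes(lines):
    """Return one finding per successful change to the admin MFA rule."""
    findings = []
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank, truncated or non-JSON lines
        if not isinstance(ev, dict):
            continue
        action = WATCHED.get(ev.get("eventType"))
        result = (ev.get("outcome") or {}).get("result")
        names = [(t.get("displayName") or "").lower() for t in ev.get("target") or []]
        hit = any(a in n for n in names for a in ADMIN_NAMES)
        if action and result == "SUCCESS" and hit:
            findings.append({
                "time": ev.get("published"),
                "actor": (ev.get("actor") or {}).get("alternateId"),
                "action": action,
            })
    return findings


def _sample(when, etype, actor, result, *targets):
    """Build one constructed log line with the fields the check reads."""
    return json.dumps({
        "published": when, "eventType": etype,
        "actor": {"alternateId": actor}, "outcome": {"result": result},
        "target": [{"displayName": t} for t in targets],
    })


# Constructed sample events, not real log data.
SAMPLE = [
    _sample("2024-05-01T09:00:00Z", "policy.rule.update", "a@example.com", "SUCCESS", "Okta Admin Console", "Admin App Policy"),
    _sample("2024-05-01T09:05:00Z", "policy.rule.deactivate", "b@example.com", "SUCCESS", "Okta Admin Console", "Admin App Policy"),
    _sample("2024-05-01T09:06:00Z", "policy.rule.deactivate", "c@example.com", "FAILURE", "Okta Admin Console", "Admin App Policy"),
    _sample("2024-05-01T09:07:00Z", "policy.rule.deactivate", "d@example.com", "SUCCESS", "Wiki", "Default rule"),
    '{"published": "2024-05-01T09:08',  # truncated line, skipped by the parser
]
```

Calling find_admin_mfa_changes(SAMPLE) reports the first two events only. Updates are flagged along with deactivations because an edit to the rule can also weaken it, so each finding should be reviewed against an approved change.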