Configure reauthorization frequency for the Okta Admin Console

Note: The following instructions only apply to Preview environments.

With Okta Applications, super admins can create sign-on policies that modify MFA prompt frequency for admins accessing the Okta Admin Console. By adjusting both the amount of factors required, and the frequency in which Admins are prompted, super admins can create detailed policies that best fit their environment.

Before you begin

Super admin privileges must be held before you can create sign-on policies for the Okta Admin Console. If you intend to include new admins in the sign-on policies you create, continue to manage their admin assignments through Security > Administrators. Super admins won't need to assign the Admin Console app to new users manually. Orgs that have already enabled MFA for admins before configuring the Okta Admin Console app will continue to use the default policy of one factor prompt per session.

Start this task

Use the following instructions as a general guide on how to create a sign-on policy that requires Admins to reauthorize once per day rather than once per session. These generalized instructions may still differ from what's needed for your specific environment.

  1. From the Admin Dashboard, navigate to Applications> Add Applications.
  2. Search for the Okta Admin Console with Active filter enabled.
  3. In the Sign On Policy tab, click Add Rule.
  4. Title your new rule as MFA once per day in the Rule Name field.

  5. Under Conditions > People , select The Following Groups and Users and add the Admin group.
  6. Under Actions > Access, ensure that the prompt for factor box is checked.
  7. Use the boxes under prompt for factor to select the Once a day option.
  8. Click Save.
  9. In the Sign On Policy tab for the Okta Admin Console app, ensure that your new rule has the highest priority.