Enable MFA for the Admin Console

Super admins can enable mandatory multifactor authentication (MFA) for all admins who access the Okta Admin Console.

  • After this feature is enabled, the MFA policy for the Admin Console is enabled by default. The next time an admin signs in, they're prompted to set up MFA for access to the Admin Console. Admins who haven't enrolled in MFA are prompted to enroll for the first time.
  • At least one authenticator must be enabled for your org to enable this setting. If the org doesn't have any authenticators enabled, Okta Verify with one time passwords (OTP) are enabled as the default authenticator. If authenticators have already been configured, then no changes are made.
  • You can also make additional changes to your MFA policy. See Add an authentication policy rule
  • Never disable MFA for admins. This decreases the overall security posture of your org and increases the risk that admin accounts might be compromised.

Start the task

  1. In the Admin Console, go to ApplicationsApplications.

  2. Select Okta Admin Console.
  3. Click the Sign On tab. For Admin App Policy, click the ellipsis icon to open the dropdown.
  4. Select Activate.