Okta sign-on policies

Learn how Okta sign-on policies change after the upgrade.

Change summary	Okta sign-on policies are called global session policies.
Admin experience	To configure global session policies, go to Security > Global Session Policy . After you upgrade, the Global Session Policy retains two security settings from Classic Engine. These settings are critical to the security posture of the applications in your organization. Establish the user session with is set to A password. This maintains Classic Engine security settings that required a password or an external Identity Provider, such as Google or Facebook. Multifactor authentication (MFA) is is set to Required. This ensures that a secondary factor remains required in Identity Engine. The Multifactor authentication (MFA) is field has a new policy setting called Any factor used to meet the Authentication Policy requirements. Selecting this lets you create a passwordless experience.
User experience	Changes to the user experience depend on the policy settings you configure.
Related topics	Global session policies Sign-in flows