Sign-on policies

Sign-on policies have new names in Identity Engine:

  • Okta sign-on policies are now called global session policies.

  • App sign-on policies are now called authentication policies.

Global session policies

To configure global session policies, go to Security > Global Session Policy. The global session policy has two more security settings than the Okta sign-on policy had in Classic Engine. See Okta sign-on policy changes.

Authentication policies

To configure authentication policies, go to Security > Authentication policies. This new page is significant, because you can now view all authentication policies in one location. You can also create a policy yourself, instead of only adding rules to an app's default policy. And most importantly, you can share one policy among many apps. This allows you to create and maintain policies at scale, and evaluate how each policy impacts application access.

Authentication policies are also still viewable on an app's Sign On tab in ApplicationsApplications. However, you can no longer modify the policy from this location. See App sign-on policy changes.