Sign-In Widget

Learn how the Sign-In Widget changes after the upgrade.

Change summary	There's no security image. The Remember me and Don't prompt me again checkboxes are replaced with Keep me signed in. End-user enrollment now occurs entirely in the Sign-In Widget when the user attempts to sign in to their org or to a specific app.
Admin experience	In Classic Engine, Remember me populates the Username on the Sign-In Widget. You can configure it so that users' sessions continue after they close and reopen their browser. In Identity Engine, these features are separate. To configure them, go to SecurityGeneralOrganization Security: Remember user on sign in populates the Username field on the Sign-In Widget. The end user is still required to authenticate. It doesn't remember recent MFA authenticators or previous sessions. Keep me signed in is a usability feature that reduces sign-in friction on remembered devices. When a user selects this option during authentication, Okta won't prompt them again for MFA for the amount of time defined in your global session policy. You can configure Keep me signed in to appear as a post-authentication prompt for users who sign in with an IdP.
User experience	The sequence of a sign-in flow depends on the authentication requirements that you set in your global session policy. Password-first flow: If the user session is established with a password, the password field appears on the same page as the username field. This is the traditional flow found in Classic Engine. Identifier-first flow: If the user session is established with any factor used to meet the authentication policy requirements, the username prompt appears first. This flow is new to Identity Engine.
Related topics	Organization Security Keep me signed in