App sign-in policies

App sign-in policies define how a user must authenticate to gain access to an app. They verify that the user meets specific app requirements, like group membership, the IP zone they're signing in from, risk level, and others. If the user meets the requirements of the app sign-in policy, they're granted access to the app.

You can create a unique policy for each app in your org, or create a few policies and share them across multiple apps. You can use Okta preset policies for apps with standard sign-in requirements.

All new apps, except for API service apps, start with the shared default policy. This policy has a single catch-all rule that grants access when the user authenticates with two factors. You can add as many rules to the default policy as you need, but remember that because the policy is shared, any change applies to every app, new or existing, that's assigned to it.
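To make the rule-evaluation behaviour described above concrete, here is an added, illustrative model that is not Okta's code or API: the class names, field names, zone and risk labels, and the sample users and apps are all constructed for this example. It shows a policy as an ordered list of rules, each rule matching on group membership, network zone and risk level, with the first matching rule deciding the outcome; a default policy with a single catch-all rule requiring two factors; and why a rule added to a shared default policy changes the outcome for every app assigned to it.

```python
"""Illustrative model of app sign-in policy evaluation.

Added example only; the types, field names and sample data are
constructed for illustration and do not reflect Okta's API.
"""
from dataclasses import dataclass, field
from typing import FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class SignInContext:
    """What is known about the user when the sign-in is evaluated."""
    user: str
    groups: FrozenSet[str]
    zone: str     # network zone the request came from (constructed label)
    risk: str     # "low", "medium" or "high" (constructed labels)


@dataclass
class Rule:
    """Conditions that must all hold, plus the resulting requirement.

    A condition left as None means "any value", so a rule with every
    condition set to None is a catch-all.
    """
    name: str
    groups: Optional[FrozenSet[str]] = None
    zones: Optional[FrozenSet[str]] = None
    risks: Optional[FrozenSet[str]] = None
    action: str = "allow"   # "allow" or "deny"
    factors: int = 2        # factor count required when the action is allow

    def matches(self, ctx: SignInContext) -> bool:
        if self.groups is not None and not (ctx.groups & self.groups):
            return False
        if self.zones is not None and ctx.zone not in self.zones:
            return False
        if self.risks is not None and ctx.risk not in self.risks:
            return False
        return True


@dataclass
class Policy:
    name: str
    rules: List[Rule] = field(default_factory=list)  # highest priority first


def evaluate(policy: Policy, ctx: SignInContext) -> Tuple[str, int, str]:
    """First matching rule wins. Returns (decision, factors_required, rule name).

    If nothing matches the model fails closed; a catch-all rule at the end
    of the policy is what prevents that case from ever being reached.
    """
    for rule in policy.rules:
        if rule.matches(ctx):
            if rule.action == "deny":
                return ("deny", 0, rule.name)
            return ("allow", rule.factors, rule.name)
    return ("deny", 0, "no matching rule")


def make_default_policy() -> Policy:
    """The shared default: one catch-all rule that allows access with two factors."""
    return Policy("Default", [Rule("Catch-all rule", factors=2)])


def make_payroll_policy() -> Policy:
    """A dedicated policy for a sensitive app (constructed sample)."""
    return Policy("Payroll", [
        Rule("Deny high risk", risks=frozenset({"high"}), action="deny"),
        Rule("Finance from corp network", groups=frozenset({"Finance"}),
             zones=frozenset({"corp_network"}), factors=2),
        Rule("Everyone else", action="deny"),   # explicit catch-all
    ])


def demo_shared_default() -> dict:
    """Two apps reference the same default Policy object.

    A rule inserted into that object changes the decision for both apps,
    which is the side effect of editing a shared policy.
    """
    default = make_default_policy()
    assignments = {"wiki": default, "timesheets": default}
    ctx = SignInContext("alice", frozenset({"Everyone"}), "anywhere", "high")
    before = {app: evaluate(pol, ctx) for app, pol in assignments.items()}
    default.rules.insert(
        0, Rule("Deny high risk", risks=frozenset({"high"}), action="deny"))
    after = {app: evaluate(pol, ctx) for app, pol in assignments.items()}
    return {"before": before, "after": after}


if __name__ == "__main__":
    bob = SignInContext("bob", frozenset({"Finance"}), "corp_network", "low")
    print("payroll, bob on corp network:", evaluate(make_payroll_policy(), bob))
    print("shared default before/after:", demo_shared_default())
```

Because `assignments` holds references to one `Policy` object rather than copies, the rule inserted in `demo_shared_default` is visible through every app that uses the default policy; giving an app its own policy, as `make_payroll_policy` does, is how you isolate it from such changes.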

You can also use the Okta account management policy to define authentication requirements when users enroll or unenroll authenticators, recover their passwords, and unlock their accounts.
