Configure an authentication enrollment policy rule

Rules allow you to add conditions to your policy choices.

  1. After you’ve created an authentication enrollment policy, click the Add Rule button to configure a policy rule.

Rule Name: Add a descriptive name for the rule that you want to create.
Exclude Users: If needed, you can exclude individual users of a group from the rule.
IF user’s IP is: Use the dropdown menu to enforce where the user is challenged for authentication:
  • Anywhere: The user is challenged within the network or outside of it.
  • In zone: The user is only challenged if they belong to a preconfigured network zone.
  • Not in zone: The user is challenged if they don't belong to a preconfigured network zone.
AND user is accessing: Select what you want the rule to apply to:
  • Okta
  • Applications: Select this option and choose one of the following:
    • Any application that supports MFA enrollment
    • Specific applications: Start typing the name of the application to which this rule applies in the field that appears.
THEN Enrollment is:

When all the conditions of this rule have been satisfied, select one of these options to determine whether authenticator enrollment is allowed:

  • Allowed if required authenticators are missing: Allow authenticator enrollment even when the required authenticator is missing.
  • Deny enrollment of SSO authenticators: Only deny the enrollment of authenticators used for single sign-on.
  • Deny enrollment of all authenticators: Deny the enrollment of all authenticators.
  2. Click Create Rule to save the conditions of your new rule.
  3. Select a rule, then perform any of the following actions:
    • Active: Use to activate or deactivate the selected rule. If you deactivate a rule, it isn't applied to any user, but you can reactivate it later.
    • Expand or the rule name: View details of the rule, such as excluded users.
    • Edit: Change settings of the rule.
    • Delete: Delete the selected rule. A deleted rule can't be recovered.
  4. To change the priority of a rule, drag the rule name above or below other rules in the list.
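
The following added example is not Okta's code or API schema. It is a simplified Python model of the rule fields above, assuming the first matching rule in priority order decides enrollment, and it shows how rule order and excluded users change the outcome. All names (Rule, decide, never_selected, the zone and user values) are constructed for illustration, and applications are modeled only as an explicit set.

```python
from dataclasses import dataclass

# Simplified model of the rule fields on this page (constructed; not Okta's API schema).
@dataclass(frozen=True)
class Rule:
    name: str
    ip: str                          # "anywhere" | "in_zone" | "not_in_zone"
    enrollment: str                  # "allowed" | "deny_sso" | "deny_all"
    zones: frozenset = frozenset()   # zones named by an in_zone / not_in_zone rule
    apps: frozenset = frozenset()    # empty = the rule targets Okta itself
    excluded: frozenset = frozenset()
    active: bool = True

def matches(rule, user, zone, accessing):
    """True when every IF/AND condition of the rule holds for this request."""
    if not rule.active or user in rule.excluded:
        return False
    if rule.ip == "in_zone" and zone not in rule.zones:
        return False
    if rule.ip == "not_in_zone" and zone in rule.zones:
        return False
    if not rule.apps:
        return accessing == "okta"
    return accessing in rule.apps

def decide(rules, user, zone, accessing):
    """Assumed semantics: the first matching rule in priority order wins."""
    for rule in rules:               # list order = order shown in the rule list
        if matches(rule, user, zone, accessing):
            return rule.name, rule.enrollment
    return None

def never_selected(rules, probes):
    """Names of active rules that win for none of the probe requests."""
    winners = {d[0] for p in probes if (d := decide(rules, *p))}
    return [r.name for r in rules if r.active and r.name not in winners]

# Constructed sample data.
ALLOW = Rule("Allow anywhere", "anywhere", "allowed")
BLOCK = Rule("Block off-network", "not_in_zone", "deny_all",
             zones=frozenset({"corp"}), excluded=frozenset({"breakglass"}))
PROBES = [("alice", "corp", "okta"), ("alice", "home", "okta"),
          ("breakglass", "home", "okta")]

if __name__ == "__main__":
    for order in ([ALLOW, BLOCK], [BLOCK, ALLOW]):
        print([r.name for r in order], "->", never_selected(order, PROBES))
```

With the broad "Anywhere" rule listed first, the off-network deny rule is never selected; an excluded user is not blocked by the rule that excludes them but falls through to the next matching rule.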

Related topics

Create an authentication enrollment policy

About MFA authenticators

Sign-on policies and rules