Configure an authenticator enrollment policy rule

Rules allow you to add conditions to your policy choices.

  1. After you’ve created an authenticator enrollment policy, click Add Rule to configure a policy rule.

Rule Name: Add a descriptive name for the rule that you want to create.
Exclude Users: If needed, you can exclude individual users of a group from the rule.
IF user’s IP is: Use the dropdown menu to enforce where the user is challenged for authentication:
  • Anywhere: The user is challenged within the network or outside of it.
  • In zone: The user is only challenged if they belong to a preconfigured network zone.
  • Not in zone: The user is challenged if they don't belong to a preconfigured network zone.
AND user is accessing: Select what you want the rule to apply to:
  • Okta
  • Applications: Select this option and choose one of the following:
    • Any application that supports MFA enrollment
    • Specific applications: Start typing the name of the application to which this rule applies in the field that appears.
THEN Enrollment is:

When all the conditions of this rule have been satisfied, select one of these options to determine whether authenticator enrollment will be allowed or not:

  • Allowed if required authenticators are missing: Allow authenticator enrollment even when the required authenticator is missing.
  • Deny enrollment of SSO authenticators: Only deny the enrollment of authenticators used for single sign-on.
  • Deny enrollment of all authenticators: Deny the enrollment of all authenticators.
  1. Click Create Rule to save the conditions of your new rule.
  2. Select a rule, then perform any of the following actions:
    • Active: Use to activate or deactivate the selected rule. If you deactivate a rule, it isn't applied to any user, but you can reactivate it later.
    • Expand or the rule name: View details of the rule, such as excluded users.
    • Edit: Change settings of the rule.
    • Delete: Delete the select rule. A deleted rule can't be recovered.
  3. To change the priority of a rule, drag the rule name above or below other rules in the list.

Related topics

Create an authenticator enrollment policy

Multifactor authentication

Sign-on policies and rules