Modify authentication policies for first-party apps

Every org has three first-party apps: the Okta Admin Console, the Okta Dashboard, and the Okta Browser Plugin. These apps have preset policies that you can modify for your own org.

Configure re-authorization frequency for the Admin Console

A common use case for editing the Okta Admin Console policy is to create a more restrictive policy that requires admins to re-authenticate with MFA every time they access the Admin Console. By default, this policy requires MFA for admins, but if your Global Session Policy already requires MFA, the admin isn’t prompted a second time.

  1. In the Admin Console, go to Security > Authentication Policy.

  2. Select the Okta Admin Console app.

  3. On the Rules tab, click Add rule.

  4. Enter a Rule Name (for example, MFA once per day).

  5. Set the following rule conditions:

    • In the IF section, select The following users and groups, and then add the Admin group.

    • Modify the Location and Client fields if you want to restrict this rule by zone or device.

    • In the Access section, select prompt for factor, and then choose your frequency.

  6. Click Save.

  7. On the Sign On tab, verify that the new rule has the highest priority.

Disable the Okta Dashboard for specific groups

A common use case for editing the Okta Dashboard policy is to disable access to for users in your org who use another dashboard or application.

  1. In the Admin Console, go to Security > Authentication Policy.

  2. Select the Okta End-User Dashboard app.

  3. On the Rules tab, click Add rule.

  4. Enter a Rule Name (for example, Disable Access to Dashboard for Groups).

  5. Set the following rule conditions:

    • In the IF section, specify which users qualify for the new rule.

    • In the THEN section, set the Access is option to Denied.

Related topics

Add an authentication policy rule

Update an authentication policy

Add apps to an authentication policy