Add a rule for identity verification for account actions
Early Access release. See Enable self-service features.
Add this rule to require users to verify their identity with an identity verification (IDV) vendor when they need to perform account actions, like enrollment and recovery.
Prerequisites
- If your org uses the third-generation Sign-In Widget, upgrade to version 7.20 or later for all brands.
- Create an IDV vendor. See Add a pre-configured identity verification vendor.
Add the rule
- In the Admin Console, go to .
- Select Okta account management.
- Click Add Rule.
- Enter a descriptive rule name, like Identity verification-based enrollment.
- Set the following IF conditions.
  - User's user type is: Any user type
  - User's group membership includes: Any
  - User is: Any
  - Device platform is: Any platform
  - User's IP is: Any
  - Risk is: Any
  - The following custom expression is true: accessRequest.operation == 'enroll'
- Set the following THEN conditions.
  - Access is: Allowed after successful, and then Identity verification
  - Identity verification service: Any IDV option
- Click Save.
Set this rule's priority above the catch-all but below the first phishing-resistant authenticator (if you added one). Be sure that the first phishing-resistant authenticator rule stays at priority 1.
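The effect of the priority placement described above can be checked with a small first-match model. This is an added example, not Okta's code or policy schema: it assumes rules are evaluated in priority order and the first matching rule applies, and the rule names, request fields, and the phishing-resistant rule's condition are constructed for illustration.

```python
# Toy first-match model of rule priority (added illustration).
# Rule names, request fields and predicates are constructed here;
# they are not Okta's policy schema or API.

def first_match(rules, request):
    """Return the name of the first rule, in priority order, that matches."""
    for rule in rules:
        if rule["matches"](request):
            return rule["name"]
    return None

def shadowed_rules(rules, samples):
    """Return names of rules that never win for any sample request."""
    winners = {first_match(rules, s) for s in samples}
    return [r["name"] for r in rules if r["name"] not in winners]

# Assumption: the phishing-resistant rule matches only enrollment of a
# phishing-resistant authenticator (its real condition is not on this page).
PHISHING_RESISTANT = {
    "name": "phishing-resistant",
    "matches": lambda r: r["operation"] == "enroll" and r["phishing_resistant"],
}
# Mirrors the page's expression: accessRequest.operation == 'enroll'
IDV = {"name": "idv-enrollment", "matches": lambda r: r["operation"] == "enroll"}
CATCH_ALL = {"name": "catch-all", "matches": lambda r: True}

# Constructed sample requests covering each kind of account action.
SAMPLES = [
    {"operation": "enroll", "phishing_resistant": True},
    {"operation": "enroll", "phishing_resistant": False},
    {"operation": "recover", "phishing_resistant": False},
]

RECOMMENDED = [PHISHING_RESISTANT, IDV, CATCH_ALL]  # placement from the note above
IDV_FIRST = [IDV, PHISHING_RESISTANT, CATCH_ALL]    # IDV rule moved to priority 1
IDV_LAST = [PHISHING_RESISTANT, CATCH_ALL, IDV]     # IDV rule below the catch-all

if __name__ == "__main__":
    for label, order in [("recommended", RECOMMENDED),
                         ("idv first", IDV_FIRST),
                         ("idv last", IDV_LAST)]:
        print(label, "-> shadowed:", shadowed_rules(order, SAMPLES))
```

A rule reported as shadowed never takes effect in that ordering, which is the condition to look for when reviewing rule priorities after adding the IDV rule.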
User experience
Users verify their identity with an IDV instead of using an authenticator. The user experience is different with each IDV.
