Authentication policies

Authentication policies enforce factor requirements when users sign in to apps or perform certain actions.

Authentication policies share some conditions with global session policies, but they serve different purposes. A user who gains access to Okta through the global session policy doesn't automatically have access to their apps. You can create a unique policy for each app in your org, or create a few policies and share them across multiple apps. You can also use Okta preset policies for apps with standard sign-on requirements. If you decide later to change an app's sign-on requirements, you can modify its policy or switch to a different policy.

Topics

• Create an authentication policy
• Add an authentication policy rule
• Add apps to an authentication policy
• Update an authentication policy
• Clone an authentication policy
• Modify authentication policies for first-party apps
• Preset authentication policies
• Merge duplicate policies
• Authentication scenarios
• Okta Expression Language for devices
• Post auth session evaluation with Identity Threat Protection
• Enforce post auth session evaluation policy