Add a rule for identity verification for account actions
Early Access release. See Enable self-service features.
Add this rule to require users to verify their identity with an identity verification (IDV) vendor when they need to perform account actions, like enrollment and recovery.
Prerequisites
- If your org uses the third-generation Sign-In Widget, upgrade to version 7.20 or later for all brands.
- Create an IDV vendor. See Add an identity verification vendor as an identity provider.
Add the rule
- In the Admin Console, go to .
- Select Okta account management.
- Click Add Rule.
- Enter a descriptive rule name, like Identity verification-based enrollment.
- Set the following IF conditions.
  - User type: Any user type
  - User group membership includes: Any
  - User is: Any
  - Device platform is: Any platform
  - User's IP is: Any
  - Risk is: Any
  - The following custom expression is true: accessRequest.operation == 'enroll'
- Set the following THEN conditions.
  - Access is: Allowed after successful, and then Identity verification
  - Identity verification service: Any IDV option
- Click Save.
Set this rule's priority above the catch-all rule but below the first phishing-resistant authenticator rule (if you added one). Be sure that the first phishing-resistant authenticator rule stays at priority 1.
User experience
Users verify their identity with an IDV instead of using an authenticator. The user experience is different with each IDV.
Related topics
Okta account management policy