The following table provides examples of configurations to avoid, explanations and recommendations on what to do instead: There are some situations in which the way you configure your everyday Authentication authenticators and your Recovery authenticators can cause your users to be unable to authenticate when initiating account recovery. The authenticator that you select for the AND Additional verification is option must be different from the authenticator you select for the AND Users can initiate recovery with option. You can't use the same authenticator for both initiating recovery and providing additional verification. Only Security Question – Users are required to answer a Security Question as a second factor.Ĭreate or update the password policy rule to save your changes.Any enrolled authenticator used for MFA/SSO – Users are required to authenticate with an MFA authenticator ( Okta Verify, Email, Phone, or Security Key) as a second factor.Not required – Users aren’t required to authenticate with a second factor.Unlock account - Users can unlock their account by verifying with any authenticator that is configured in recovery settings.Password reset - Users can reset a forgotten password by verifying with any authenticator that is configured in recovery settings.Password change (from account settings) - Users can change their password once they’ve authenticated with their password and another factor (if enrolled).IF User’s IP is – Specify whether Anywhere, In zone, or Not in zone will invoke the rule.In an existing password policy, click Add Rule or edit an existing rule. In the Password row, click Actions > Edit. ![]()
0 Comments
Leave a Reply. |