Enabling Multifactor Authentication for Okta Classic Engine

Jamf Connect Documentation


If you want to enable multifactor authentication (MFA) while using Okta Classic Engine as your identity provider, you must enable MFA at the organization level rather than the app level. Enabling MFA at the app level may cause errors in Jamf Connect.

Requirements

Access to your organization's Okta Classic Engine admin console.

  1. Log in to the Okta Admin console.
  2. Navigate to Security and click Authentication.
  3. Click the Sign on tab.
  4. Click Add New Okta Sign-On Policy.
  5. Create a name and description for the policy.
  6. Assign the policy to a group of users you want to enable MFA for.
  7. Create a new rule.
    1. Create a name for the rule.
    2. Select the options for Policy settings that correspond with your organization's needs.
    3. In the Authentication section, set "Users will authenticate with" to "Password / Any IdP + Any Authenticator", and set "Users will be prompted for MFA" to either "At every sign in" or "When signing in with a new device cookie".
    4. Select the options for Session Lifetime that correspond with your organization's needs.
    5. Click Create rule.

MFA is applied to the group selected in your sign-on policy according to the rule's settings. Repeat these steps as needed to create additional policies and rules for additional groups of users.
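
To confirm afterwards that the organization-level rules match the settings in step 7, the following added example (not part of the Jamf documentation) audits sign-on rules exported as JSON. It assumes rule objects shaped like those returned by Okta's Policy API for sign-on policies, where `factorPromptMode` values `ALWAYS` and `DEVICE` correspond to the two prompt options named above; the sample rules and their names are constructed.

```python
# Added example: audit Okta sign-on policy rules for the MFA settings in step 7.
# Assumption: rules use the Okta Policy API shape (actions.signon.requireFactor,
# actions.signon.factorPromptMode). ALWAYS = every sign-in, DEVICE = new device cookie.
ACCEPTED_PROMPT_MODES = {"ALWAYS", "DEVICE"}


def make_rule(name, status, require_factor, prompt_mode=None):
    """Build a constructed sample rule; real rules would come from an export."""
    signon = {"access": "ALLOW", "requireFactor": require_factor}
    if prompt_mode is not None:
        signon["factorPromptMode"] = prompt_mode
    return {"type": "SIGN_ON", "name": name, "status": status,
            "actions": {"signon": signon}}


# Constructed sample data, not taken from a real tenant.
SAMPLE_RULES = [
    make_rule("MFA every sign-in", "ACTIVE", True, "ALWAYS"),
    make_rule("MFA new device", "ACTIVE", True, "DEVICE"),
    make_rule("Per-session prompt", "ACTIVE", True, "SESSION"),
    make_rule("Password only", "ACTIVE", False),
    make_rule("Retired rule", "INACTIVE", True, "ALWAYS"),
]


def audit_rule(rule):
    """Return a list of findings for one rule; an empty list means it matches."""
    if rule.get("status") != "ACTIVE":
        return ["rule is inactive, so it enforces nothing"]
    signon = rule.get("actions", {}).get("signon", {})
    if signon.get("access") != "ALLOW":
        return []  # a deny rule never reaches the MFA prompt
    if not signon.get("requireFactor", False):
        return ["MFA not required: users sign in with a password alone"]
    mode = signon.get("factorPromptMode")
    if mode not in ACCEPTED_PROMPT_MODES:
        return [f"prompt mode {mode!r} is not one of the two options in step 7"]
    return []


def audit_rules(rules):
    """Map rule name -> findings, for rules that have at least one finding."""
    results = {rule["name"]: audit_rule(rule) for rule in rules}
    return {name: found for name, found in results.items() if found}


if __name__ == "__main__":
    for name, found in audit_rules(SAMPLE_RULES).items():
        print(f"{name}: {'; '.join(found)}")
```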