Use the Policy Settings page to manage sign-on and multi-factor authentication (MFA) policies for your organization.
Caution
Changing the MFA Policy field on this page will reset MFA settings for all users at your organization. If you need to reset MFA settings for individual users, you can do so from the Users page.
Note
You must have System Settings permissions to access this page. Refer to Adding and Maintaining Users and Access Rights for more information.
To configure your policy settings, follow these steps:
1. Go to Settings.
2. Click Policy Settings.
3. In the Sign-On Policy field, select one of the following options:
▪ MFA per device—Users are prompted for MFA on all new devices.
▪ MFA per session—Users are prompted for MFA on all new devices and browser sessions, plus at least once every 12 hours.
4. In the Password-Reset Policy field, select one of the following options:
▪ 90 day expiration—Users' passwords expire every 90 days.
▪ No password expiration—Users' passwords do not expire.
5. In the MFA Policy field, select one of the following options:
▪ Secure factors—Users must use device validation for MFA, such as the Okta Verify app or the Google Authenticator app.
▪ Flexible factors—Users can use any of the following MFA options: Device validation (e.g. Okta Verify), Email, Voice, or SMS text message. Voice and SMS are only available for North American phone numbers.
Caution
Changing the MFA Policy option will reset MFA settings for all users at your organization. If you need to reset MFA settings for individual users, you can do so from the Users page.
6. Click Save.