Thursday, May 24, 2018

Enabling Multi-Factor Options for an Application in Okta

Okta is a simple product to use, and it can integrate with more than 5800 applications for Single Sign-On, with added security benefits.

In this post I would like to quickly talk about enabling multi-factor authentication (MFA) for an application that is already integrated into Okta. In this case, Salesforce is integrated with Okta using the SAML 2.0 protocol.

Follow the steps below to enable MFA for the Salesforce application (the same steps apply to any other application):


  1. Log in to the Okta Admin Console as an admin user.
  2. Go to Applications.
  3. Go to the Sign On Policy section.
  4. Click Add Rule.
  5. Specify the Rule Name, Conditions (user/group rule assignment) and Location.
  6. Specify Actions. Select the option to allow or deny access after the conditions are met. For this exercise I would choose Allow. Select the MFA frequency, such as prompting for MFA at every login or once a day.
  7. Click on Multifactor Settings.
  8. Select the desired authenticators.
  9. Click Save.

The desired configuration changes are now complete. It is time to test.

  1. Log in to the Okta application console.
  2. Click on the Salesforce application.
  3. The user is redirected to the MFA page for setup (if MFA is already set up, this page is not shown). In this case, I have selected Google Authenticator setup. Click Setup.
  4. Select the device type. Install the app on the mobile device. Click Next.
  5. Enter the code generated on the mobile device here. Click Verify.
  6. The user is redirected to the Salesforce application.