Adaptive Multi-factor Authentication

Enhance the security of your app with contextual step-up authentication using a broad set of second factors.


of US CISOs name MFA as top IAM priority


of hacking incidents used stolen or weak passwords

$6 billion

annual loss as a result of account takeover

Okta MFA for CIAM

Are you a developer?

Compliance icon

Contextual policies

Enforce MFA only when it is necessary based on a wide array of signals

Identity Engine icon

Embeddable MFA

Embed branded, strong authentication for customers, including passwordless authentication

Reporting icon

Robust reporting

Leverage user AMFA history for account takeover investigations or risk analysis

Contextual policies

Enforce MFA only when it is necessary based on a wide array of signals.

Contextual access management

Set intelligent access and authentication policies based on login context

Location Icon

Location Context

  • New city, state, or country
  • New geo-location
  • Impossible travel patterns
Mobile Device Icon

Device Context

  • Known device recognition
  • Device management
Network Icon

Network Context

  • New IP
  • Specified IP zones
  • Network anonymisers

Risk Context

Create policies based on risk signals seen across Okta’s global dataset, such as high risk IP addresses

Respond to anomalous login behaviour with risk-based authentication

Okta’s machine learning capabilities allow you to minimise the need for prescriptively creating access policies. With Risk-Based Authentication, Okta establishes a baseline login behaviour for each individual user, and responds to anomalous activity with the appropriate set of strong factors for both high and low risk login attempts.

Okta Risk based authentication low2

Password only

Okta Risk based authentication medium1

Password + Okta Verify with Push

Okta Risk based authentication high

Okta Verify + U2F

Passwordless authentication

Eliminate the risk of password-based attacks and deliver a delightful user experience using passwordless authentication.

Leverage a range of passwordless authentication options for customers using email magic links, WebAuthN or factor sequencing.

Passwordless authentication helps you:

  • Secure account authentication from credential attacks 
  • Simplify user enrolment 
  • Delight users with one-click or one-touch authentication 
  • Reduce support costs associated with password management and account recovery

Explore passwordless authentication ›

Okta Authentication Passwordless Magic Link

Deploy policies by group

Add high risk users to specific groups that can be used to deploy AMFA policy based on risk or business policy

Default policy


Pre-authentication sign-on policy evaluation

Stop brute force attacks in its tracks by evaluating Okta’s sign-on policies before credential evaluation thereby reducing the likelihood of account lockouts and improving user experience.

Embeddable MFA

Add a second level of security to your application with multi-factor authentication

Support for a range of factors

  • Email
  • SMS
  • Voice
  • Security question
  • Google Authenticator
  • Okta Verify / Okta Verify with Push
  • Embedded Okta Verify with Push
  • OTP tokens and authenticators 
  • 3rd party MFA providers
  • FaceID, TouchID, Android Biometrics
Multi-factor authentication factors

Developer and operationally efficient

MFA wizard

Quickly and seamlessly integrate Okta MFA into any web app

Hosted sign-in widget

Pre-built UI for MFA enrolment and enforcement

Devices SDKs

Single SDK integration for device management, white-labelled Okta Verify Push experience with biometrics and passwordless authentication


For ultimate customisation, leverage the Okta REST API to deploy MFA at login or post-login for high assurance scenarios

MFA for third-party IDP solutions

Integrate with your existing non Okta IDP solution to deploy MFA 

Easy management

Reduce support costs with self-service factor management


Okta devices enable seamless management of user devices and secure authentication across devices or channels.

Learn more

API Access Management

Devices API

Bind user and device identity in Okta’s universal directory and store a user’s known devices. The Devices API enables authentication across devices using a trusted/registered device, allows admins and users to manage devices.


Devices SDK

Leverage Okta devices SDK to automatically register a user’s devices automatically, Whitelabel Okta Verify Push with biometrics (FaceID etc) and enable passwordless authentication across devices and channels using a trusted device.

Robust reporting

Leverage user AMFA history for account takeover investigations or risk analysis

Real-time dashboard and system log

Real-time visibility and anomalous behaviour reports. Push real-time events to security tools and communication channels with Event Hooks.

SSO Reporting 0

Pre-Built integrations with your SIEM

Trusted by

Adaptive Multi-factor Authentication