Authentication policies

Every app in your org has an authentication policy. The authentication policy verifies that users who try to sign in to the app meet specific conditions, and it enforces factor requirements based on those conditions.

Authentication policies share some conditions with global session policies, but they serve different purposes. A user who gains access to Okta through the global session policy doesn't automatically have access to their apps. You can create a unique policy for each app in your org, or create a few policies and share them across multiple apps. You can also use Okta preset policies for apps with standard sign-on requirements. If you decide later to change an app’s sign-on requirements, you can modify its policy or switch to a different policy.

Topics

• Create an authentication policy
• Add an authentication policy rule
• Add apps to an authentication policy
• Update an authentication policy
• Clone an authentication policy
• Modify authentication policies for first-party apps
• Preset authentication policies
• Merge duplicate policies
• Authentication scenarios
• Okta Expression Language for devices