End-user control of MFA prompts

[shreyys]

I have tried to configure End-user control of MFA prompts in the Okta, but the prompt factor still asks for MFA on every signin.
Does this feature work on the SDK?
https://help.okta.com/en/prod/Content/Topics/Security/policies/configure-signon-policies.htm#:~:text=Every%20Time%3A%20end%20users%20are,user%20MFA%20challenge%20dialog%20box.

[oleggnidets-okta]

Hi @shreyys ,
Thanks for the question.
Yes, it should work. I was able to configure MFA per device and it asks for MFA once. Further sign-ins don't enroll MFA. If I change to Every Time then it requires MFA every time the user logs in.

If you would provide detailed steps to reproduce on our sample app it helped a lot.

1. Please, check out how Sign on rules are configured. Do you have per device or per session selected?
2. Also, make sure you have correct priorities of policies and rules.
3. Make sure you select Do not challenge me on this device (see screenshot).

[shreyys]

We are not using browser instances in our app. The flow is completely native using apis.

We have an MFA Sign-on policy with MFA rule that looks like this..

I'm getting AuthStatus as MFA_REQUIRED in my app

[oleggnidets-okta]

I can confirm that the feature doesn't work on OktaAuthNative. At least, a user doesn't have a control over it. We recorded the issue in our system, internal ref OKTA-376058.

btw, you reported the issue into OIDC repo (browser based sign in).

[shreyys]

Oops...I choose the wrong tab.
I checked it too, user control is not the issue here..I needed the per session check. OTP on every login is annoying for the users.

Thanks for the confirmation though :)