The Okta Dashboard application must be configured to use multifactor authentication.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| high | V-273194 | SRG-APP-000150 | OKTA-APP-000570 | SV-273194r1098849_rule | 2025-05-06 | 1 |
| Description |
|---|
| To ensure accountability and prevent unauthenticated access, nonprivileged users must use multifactor authentication to prevent potential misuse and compromise of the system. Multifactor authentication uses two or more factors to achieve authentication. Factors include: (i) Something you know (e.g., password/PIN); (ii) Something you have (e.g., cryptographic identification device, token); or (iii) Something you are (e.g., biometric). A nonprivileged account is any information system account with authorizations of a nonprivileged user. Network access is any access to an application by a user (or process acting on behalf of a user) where the access is obtained through a network connection. Applications integrating with the DOD Active Directory and using the DOD CAC are examples of compliant multifactor authentication solutions. Satisfies: SRG-APP-000150, SRG-APP-000155 |
| ℹ️ Check |
|---|
| From the Admin Console: 1. Go to Security >> Authentication Policies. 2. Click the "Okta Dashboard" policy. 3. Click the "Actions" button next to the top rule and select "Edit". 4. In the "User must authenticate with" field, verify that either "Password/IdP + Another factor" or "Any 2 factor types" is selected. If either of these settings is incorrect, this is a finding. |
| ✔️ Fix |
|---|
| From the Admin Console: 1. Go to Security >> Authentication Policies. 2. Click the "Okta Dashboard" policy. 3. Click the "Actions" button next to the top rule and select "Edit". 4. In the "User must authenticate with" field, select either "Password/IdP + Another factor" or "Any 2 factor types". |