Skip to main content

Disable Okta MFA prompts (FIDO webauthn or Okta SMS) using MFAExcluded in Jamf Connect

Updated over 2 weeks ago

Description

The Jamf Connect Documentation lists a few examples of strings for the MFAExcluded key on the Login Window Settings page as displayed below.

<key>MFAExcluded</key>
<array>
<string>push</string>
<string>question</string>
<string>okta:token:software:totp</string>
<string>google:token:software:totp</string>
<string>token:hardware</string>
<string>webauthn</string>
<string>web</string>
</array>


However there are additional possible prompts that appear as "FIDO webauthn" or "Okta SMS." Using the Okta Developer API reference we can see a longer list of factors.

FIDO webauthn would be the factor type "webauthn"

Okta SMS is the factor type "sms"

Hiding Okta MFA Prompts

To hide the prompt types above, include the following strings in the array for the MFAExcluded key in the Jamf Connect login plist:

<key>MFAExcluded</key>
<array>
<string>webauthn</string>
<string>sms</string>
</array>

Did this answer your question?