Migrate to Authentication Method Chains in Okta
If you’ve set up Kolide and Okta to use factor sequencing in the past, you can follow these steps to switch to authentication method chains to simplify rule management in your authentication policies.
To get started, open two browser windows side by side. In one window, sign in to Kolide. In the other window, sign in to your Okta portal with an account that has super administrator privileges: https://${yourOktaDomain}-admin.okta.com.
Step 1: Turn Off Factor Sequencing in Kolide
- In the Kolide window, select your profile in the top right and choose Settings.
- In the sidebar, select Authentication and Provisioning, then select Okta > Okta Multi-Factor.
- Select the Additional Factor Settings tab, then scroll to the bottom and select Disable.
Step 2: Create New Authentication Policy Rules
To make sure you have the desired authentication experience now that you’ve turned off factor sequencing, follow these steps to create new authentication policy rules for any policies that need three or more factors, such as a password, Okta FastPass, and Kolide:
- In the Okta window, select Security > Authentication Policies in the sidebar.
- For each authentication policy where you want to use three or more factors, create new rules that use authentication method chains.
- Move these new rules to the top of their respective lists, or below any “break-glass” or exclusion rules.
- After you create each rule, temporarily turn it off while you follow the remaining steps.
Step 3: Enable Your New Authentication Policy Rules
- In the Okta sidebar, select Security > Authentication Policies.
- Turn on each of the authentication policy rules you created in step 2.
Step 4: Verify Your Authentication Experience
- Open a private or incognito window in your browser and sign in to your Okta dashboard.
- Select an application covered by an authentication policy you created earlier.
You can repeat these steps to review your authentication experience and refine your policy rules as desired.
Step 5: Configure Okta After You Turn Off Factor Sequencing
Deactivate and Delete the Proxy Application
- In the Okta window, select Applications > Applications in the sidebar.
- Select the Kolide proxy application. This may be named something like “[Company Name] MFA”.
- Select Active > Deactivate and select Deactivate Application.
- Select Inactive > Delete and select Delete Application.
Delete the Kolide Proxy Policy
- In the Okta sidebar, select Security > Authentication Policies.
- Select the Kolide proxy authentication policy. This may be named something like “Kolide Additional Factor”.
- Select Actions > Delete policy and select OK.
Delete the Event Hook
- In the Okta sidebar, select Workflow > Event Hooks.
- In the Kolide event hook, select Actions > Deactivate. The event hook may be named something like “Kolide Authenticator Resets”.
- Select Actions > Delete and select Delete Event Hook.
Step 6: (Optional) Review Other Policies in Okta
After you’ve migrated from factor sequencing to authentication method chains, you may want to review your global session and authentication enrollment policies.
If you’re satisfied with your other global session policies and the experience they provide to your users, you can choose to delete the policy created for Kolide. This may be named something like “Kolide GSP”.
With authentication method chains, you also now have the option to require enrollment in specific authenticators, such as Okta Verify, using your authentication enrollment policies. However, if you’ve already configured your authentication policies to require specific authenticators when your team accesses their various apps, this may not be necessary.