You create a virtual server to act as the
traffic destination address. Then you associate both a per-session policy and a
per-request policy (properly configured using Okta MFA) with the virtual server.
Requests coming in are protected using two levels of authentication: first at login and
second Okta MFA.
If you have already created a virtual server,
simply open it to make sure that the fields required to implement MFA with Okta
Factor API are set correctly.
You should send traffic to test the login process. Users log in with primary
authentication, then the first time, they are asked to enroll in Okta MFA. (They can
select only one factor here but you can set up a second factor using Okta Admin.) The
user can select from the Okta factors set up for them on the Okta Admin Console.
Subsequent logins go straight to the option(s) configured where the user is
authenticated by Okta MFA using Push, TOTP, or Yubikey.