Can an Okta admin configure a session policy to prompt for Multifactor Authentication when a user has not signed on in the past 14 days?

The ability for an Okta admin to configure a session policy to prompt for Multifactor Authentication based on the condition of whether a user has signed on in the past 14 days is not supported within the current capabilities of Okta's session policies. Session policies in Okta can be set up to require multifactor authentication based on various factors, such as the location of the sign-in or the risk level of the session, but they don't directly include temporal conditions like the last sign-in date as a trigger.

The system currently lacks the granularity to apply MFA specifically based on time since the last login, which is why the option indicating that such a configuration is possible is incorrect. The limitations in Okta’s session policy configuration mean that multifactor authentication prompts cannot be customized in this way for general users or even subset categories like admin users or specific groups. Consequently, the understanding of session policy capabilities illustrates that a prompt based solely on inactivity for 14 days is not feasible within the Okta framework.