Setting up Okta MFA Phishing

How to set-up and enable Okta MFA phishing

To use the Okta integration to send MFA Phishes, you will first need to set up the Okta API integration.

Please click here to see our guide on setting this up.


  1. Login to your CultureAI Admin dashboard
  2. Click the settings cog at the top of your dashboard to view your integrations
  3. Click into the Okta Integration
  4. Select the "MFA Assessments" tab
  5. Enable the "Assessments" toggle
  6. Ensure that you have both the okta.users.manage and the Organization Administrator enabled in your Okta API integration with CultureAI 
  7. Use the slider to choose how many MFA requests you'd like your employees to receive over the next twelve months
  8. Click "Save"
  9. Click into the "MFA Assessment configuration" tab
  10. Toggle on the impersonation settings for the best results from your MFA phishes. With this setting on, CultureAI will intelligently select the most likely device & location of a legitimate MFA request, using login data from all data sources, to better simulate the methods of a real attacker.
    When disabled the device & location of MFA requests will display as "Unknown"
  11. Click "Save"
  12. Click into the "MFA Assessed Users" tab
  13. You can leave the users included in MFA phishing as the default "All users", or, you can click the drop down box to select groups to be included in the phishes
  14. Once you're happy with your selected users, click "Save"
  15. You're done! You can now click into the MFA Assessment Schedule tab to view upcoming MFA phishes