For okta, if it is set up properly, the user should get push notifications. And in that push notification is a number they need to select to validate the push.
This eliminates credential phishing and "notification exhaustion" where a user just clicks "ok" on an auth request by a bad actor.
As much as I advocate for non cloud services, what okta provides is very secure.
This eliminates credential phishing and "notification exhaustion" where a user just clicks "ok" on an auth request by a bad actor.
As much as I advocate for non cloud services, what okta provides is very secure.