Hi! I have a fun one for you all. As SIM jacking becomes more and more prevalent, we'd like to switch from SMS being the only required form of MFA to disabling it altogether. The majority of our users already use Okta Verify and strongly prefer it, but SMS is still a somewhat necessary fallback for when people get new phones, since Okta Verify doesn't transfer to a new device. Device Trust isn't an option as we don't use Jamf Pro or Intune. We do have Adaptive MFA and could stack SMS and Security Questions if need be, but I'd rather not have either allowed, to be honest.
Are any of you in the same boat? What do you do when someone gets a new phone?
🗨 Link to Slack thread