Which of the following is NOT a feature of the Okta Sign-On Policy?

The correct answer highlights that mandatory password updates are not a feature of the Okta Sign-On Policy. The Sign-On Policy is primarily designed to enforce rules around how users authenticate and access applications, rather than managing password lifecycle policies. Features such as conditionally ordered execution allow for a sequence of rules to be applied based on specific conditions, enhancing the flexibility of access management.

Location-based access eligibility is another significant feature that permits access decisions based on where the user is trying to sign in from, adding an additional layer of security. Moreover, the ability to target or exclude specific groups enables administrators to apply different sign-on policies depending on the user's group membership, allowing for tailored access control.

In contrast, mandatory password updates are typically managed through a different set of policies focused on password management rather than the sign-on process itself. As a result, this choice accurately reflects a functionality that falls outside the scope of the Sign-On Policy in Okta.