Okta Verify for Okta Identity Engine release notes

You can download the Okta Verify package for Android from these locations:

Google Play Store
Okta Admin Console (SettingsDownloads). The updated package file is available approximately two weeks after the deployment date. See Distributing Okta Android apps outside the Google Play Store.

Deployment date: November 3, 2025

To maintain the security of the Okta service, Okta can automatically prompt users running vulnerable versions of Okta Verify to update the app before restoring access. Okta manages this control for security events, and admins can't configure it. See Okta Verify security updates.
This release also includes internal improvements and fixes.

You can download the Okta Verify package for iOS from these locations:

Deployment date: November 3, 2025

You can download the Okta Verify package for macOS from these locations:

Preview deployment: November 19, 2025

Admins can use the new OktaVerify.OSQueryCustomChecksTimeout MDM parameter to customize the default osquery timeout value. This gives orgs the flexibility to fine-tune device posture checks and improve performance in diverse network environments. See Okta Verify configurations for macOS devices.
This release also includes internal improvements and fixes.

You can download the Okta Verify package for Windows from the Okta Admin Console (SettingsDownloads).

Preview deployment: November 17, 2025

This release improves the way screen readers interact with static text within the Okta Verify app. This change provides a better experience for users who rely on accessibility tools.
On systems where Windows Hello wasn't available (such as a virtual machine), the Okta Verify app only displayed the Passcode confirmation toggle when user verification was set to Windows Hello. (OKTA-720210)
After a user rebooted their Windows system, they were prompted for a password during sign-in attempts, even when passwordless authentication was the active multifactor policy. (OKTA-1010475)
On Windows, some Okta Verify users without complete org information on their local device couldn't see their account or enable user verification. Also the device couldn't publish an asynchronous signal for Identity Threat Protection. (OKTA-1024030)
When both the UseDirectAuth and PasswordlessAccessEnabled policies were enabled for use with FIDO2 keys, users who hadn't already signed in received two push notifications during their initial sign-in attempt. (OKTA-1011119)
Users on domain-joined remote machines experienced significant sign-in delays when attempting to use a passwordless flow with Okta Device Access. (OKTA-1012063)
This release also includes internal improvements and fixes.