Devices known issues

Before you contact Okta Support, review this list to determine if the issue you encounter is a known problem that might have a workaround.

Issue Details and solution Operating system

Users on unmanaged devices receive an erroneous MDM remediation message

This issue occurs when an org has multiple device management configurations for the same platform and each configuration integrates with a different solution (for example, one of your Windows device management configurations integrates with Intune and another with Workspace ONE).

When a user on an unmanaged device tries to access an app associated with one of the configurations and the authentication policy requires devices to be managed, Okta displays an "Additional setup required" remediation message that includes the name of the solution and a link to their enrollment site.

When multiple device management configurations exist for the same platform, the remediation message pulls information from the earliest configuration you created. Therefore, the message might reference the wrong device management solution and include a link that points to the wrong enrollment website.

Android

iOS

macOS

Windows

End users who are deactivated in AD are able to enroll in Okta Verify

When an Active Directory (AD)-sourced user prepares to set up Okta Verify from the Settings page on the End-User Dashboard, the enrollment QR code is displayed. If the user is deactivated in AD before they scan the QR code, they can still scan the QR code and enroll in Okta Verify. QR codes generated before a user is deactivated in AD remain valid until they time out. Even if the user is able to enroll into Okta Verify successfully, they won't be able to access any Okta-protected applications.

Solution: Delete unwanted Okta Verify enrollments from the Admin Console.

Android

iOS

macOS

Windows

User don’t receive theOkta FastPass setup prompt when multiple orgs exist

If you're using Okta FastPass to sign in to a multi-org environment and Okta FastPass is not set up for all orgs, the Okta FastPass enrollment prompt might not appear. To avoid this issue, make sure Okta FastPass is set up for all orgs.

Android

iOS

macOS

Windows

Users are not able to remove their account from Okta Verify if they are deleted from Active Directory

To resolve this issue, delete the user enrollment from Okta.

Android

iOS

macOS

Windows

Users enrolled in Okta Verify are denied access when attempting to access an app

Okta is not able to probe for device context, so users are denied access when they authenticate with a username and password. This issue occurs if you’re using a service account and your authentication policy rules are:

  • Rule 1: A non-service account, signing in with a device that is either registered and not managed or registered and managed with any one authentication factor.

  • Rule 2: Any service account, signing in from any device can access the app with any two factors.

  • Rule 3: Catch all deny.

Workaround:

Enable Okta FastPass. In step 5, select the Show the “Sign in with Okta FastPass” button checkbox. Ask users to click Sign in with Okta FastPass when they sign in to apps.

Android

iOS

macOS

Windows

Okta Verify enrollment isn’t automatically triggered when an admin portal URL is used

If a user doesn't have any Okta Verify account, enrollment is automatically triggered when they enter their org URL (for example, http://example.org.com ) in a browser. However, if the user enters their admin portal URL (for example, http://example-admin.org.com), they are redirected to their org URL, but enrollment isn’t automatically triggered.

Solution: Use the org URL instead of the admin portal URL.

Android

iOS

macOS

Windows

Users can’t access Google Drive File Stream native appOkta

Okta Verify single sign-on (SSO) fails when users try to access a Google Drive File Stream native app protected by a policy that allows passwordless access.

Solution: Click the Sign in with your browser instead link to access the app.

macOS

macOS occasionally fails to prompt users for Touch ID when they authenticate with Okta Verify

This a known issue for macOS Big Sur and earlier. Apple has fixed the issue for macOS Monterey.

Solution: The user must restart Okta Verify.

macOS

Users don’t receive device lifecycle messages

Device lifecycle messages are not available on macOS devices that use an SSO extension profile. This only affects Safari users with macOS Big Sur and earlier.

macOS

Okta Verify authentication issues when users have multiple OS profiles

When a Windows device has multiple operating system (OS) user profiles and the same account is added to Okta Verify on several user profiles, the most recent enrollment by the last user profile works. If the same Okta Verify account is used in a different user profile, the authentication fails.

Windows