Configure Okta Verify for physical or virtual Windows environments

To configure Okta Verify for physical or virtual Windows environments, you can use the AuthenticatorOperationMode option when you deploy the app.

If you need to change the authenticator operation mode after deployment, uninstall Okta Verify and reinstall it with other configuration options. For configuration options, see Okta Verify configurations for Windows devices.

Physical Windows environments

When you deploy Okta Verify to physical machines such as desktops or laptops, no additional configuration is required. The AuthenticatorOperationMode defaults to Normal, which is the appropriate value for physical environments.

Virtual Windows environments

Okta Verify for Windows supports virtual machine deployment for the following Virtual Desktop Infrastructure (VDI) providers:

  • Citrix

  • Windows 365

  • Amazon WorkSpaces

The appropriate AuthenticatorOperationMode value for your Okta Verify deployment depends on the type of virtual environment:

  • In static virtual environments, the user is assigned the same virtual machine each time they start a session. Use VirtualDesktopStatic in this case.

  • In layered virtual environments, the user is randomly assigned a virtual machine when they start a session. Use VirtualDesktopLayered in this case.

Layered virtual environments

In some layered VDI environments, the service that's responsible for syncing the user's data to the virtual machine can take time to complete.

This delay means that Okta Verify can auto-start before the service copies the user's existing Okta Verify data to the machine. If this happens, the user can lose their Okta FastPass enrollments, or Okta Verify might fail to launch.

To avoid this condition, Okta Verify startup is delayed by 30 seconds by default.

If your profile syncing service takes more than 30 seconds to complete, you can also disable the Okta Verify Activation Task that's responsible for auto-starting Okta Verify. To disable it, run the following PowerShell command:

Copy 
Disable-ScheduledTask -TaskPath \ -TaskName "Okta Verify Activation Task"

When the Okta Verify Activation Task is disabled, users have to click either Sign in with Okta FastPass or Open Okta Verify to open Okta Verify on their first authentication.

If you need to restore the Activation Task, run the following PowerShell command:

Copy 
Enable-ScheduledTask -TaskPath \ -TaskName "Okta Verify Activation Task"

Related topics

Okta Verify configurations for Windows devices

Configure the user verification type for Okta Verify for Windows