Configure Okta Verify for physical or virtual Windows environments

You can configure Okta Verify for physical or virtual Windows environments by using the AuthenticatorOperationMode option when you deploy the app. To change the authenticator operation mode after deployment, uninstall Okta Verify and reinstall it with other configuration options. For configuration options, see Okta Verify configurations for Windows devices.

Physical Windows environments

When you deploy Okta Verify to physical machines such as desktops or laptops, no configurations are required. The AuthenticatorOperationMode defaults to Normal, which is the appropriate value for physical environments.

Virtual Windows environments

Starting with version 4.9.0, Okta Verify supports deployment on virtual machines for the following Virtual Desktop Infrastructure (VDI) providers:

  • Citrix

  • Windows 365

  • AWS WorkSpace

What value to use with AuthenticatorOperationMode depends on what type of virtual environment you deploy Okta Verify to:

  • In static virtual environments, the user is assigned the same virtual machine each time they start a session. Use VirtualDesktopStatic in this case.

  • In layered virtual environments, the user is randomly assigned a virtual machine when they start a session. Use VirtualDesktopLayered in this case.

Layered virtual environments

In some layered VDI environments, the service that's responsible for syncing the user's data to the virtual machine may take several seconds. It's possible for Okta Verify to auto-start before that service has copied the user's existing Okta Verify data to the machine. If this happens, the user might lose their Okta FastPass enrollments or Okta Verify might fail to launch.

To prevent this issue, disable the Okta Verify Activation Task, which is responsible for auto-starting Okta Verify. Run this PowerShell command:

Disable-ScheduledTask -TaskPath \ -TaskName "Okta Verify Activation Task"

To enable the activation task again, run this command:

Enable-ScheduledTask -TaskPath \ -TaskName "Okta Verify Activation Task"

When the Okta Verify activation task is disabled, users have to click either Sign in with Okta FastPass or Open Okta Verify to open Okta Verify on their first authentication.
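For image preparation in a layered environment, the disable step can be made idempotent and verified. The following script is an added example, not part of the original Okta documentation; the exit codes and messages are assumptions chosen for illustration, and the task name and path are the ones given above.

```powershell
#Requires -RunAsAdministrator
# Added example: disable the Okta Verify auto-start task and confirm the result.
# Safe to run repeatedly, for example as a step in a layered VDI image build.

$taskName = 'Okta Verify Activation Task'   # task name as given on this page
$taskPath = '\'                             # root task folder, as on this page

# Look the task up first so a missing install is reported clearly
# instead of surfacing as a raw cmdlet error.
$task = Get-ScheduledTask -TaskPath $taskPath -TaskName $taskName -ErrorAction SilentlyContinue
if (-not $task) {
    Write-Warning "Task '$taskName' not found. Is Okta Verify installed on this image?"
    exit 2   # assumed exit code: task missing
}

# Only change state when needed.
if ($task.State -ne 'Disabled') {
    $task | Disable-ScheduledTask | Out-Null
}

# Re-read the task and verify that it is really disabled before the image is sealed.
$state = (Get-ScheduledTask -TaskPath $taskPath -TaskName $taskName).State
if ($state -ne 'Disabled') {
    Write-Error "Task '$taskName' is still in state '$state'."
    exit 1   # assumed exit code: disable did not take effect
}

Write-Output "Task '$taskName' is disabled."
```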

Related topics

Okta Verify configurations for Windows devices

Configure the user verification type for Okta Verify for Windows