Okta Verify security updates
If Okta discovers a critical security vulnerability in a specific version of the Okta Verify app, Okta can initiate a forced update of the app.
This forced update feature is only applicable to Okta Verify on Android and iOS.
Purpose and scope
The force update process is reserved strictly to address any critical security vulnerabilities found in a specific version of the Okta Verify app.
Its purpose is to minimize the attack surface by immediately blocking access from the vulnerable version until the user updates to a safe version of the app. While blocked, the user can't authenticate with Okta Verify.
Governance
The security and engineering teams at Okta are responsible for initiating a forced update. Admins aren't able to trigger this action.
To ensure that this powerful capability is used responsibly, every forced or encouraged update action is subject to a strict internal governance process:
- Role restriction: Only individuals with high-security roles are authorized to initiate a change.
- Approval requirement: The action requires explicit approval from a pillar-level architect, ensuring multi-layer oversight before deployment.
Admin notification
When initiating a forced update, Okta notifies affected admins through email or an alert banner on the platform.
The admin notification contains the following critical information:
- Reason: The official, security-approved reasoning for the forced update.
- Operating system: Whether the block applies to Android, iOS, or both platforms.
- Affected versions: The exact version number or range being blocked, for example "< 6.1.0" or "5.9.1".
- Safe versions: The minimum safe version number required for continued access.
- Date and time: The time when the block was pushed.
Admins should take the following steps to assist end users who are blocked:
- Managed devices: Immediately use your mobile device management (MDM) solution to push the identified safe version to all affected users.
- Unmanaged devices: Direct users to manually update the app using the Google Play Store or the Apple App Store.
Blocked and unable to update
If a user receives the message "Your device can't install the required update", their OS version is incompatible with the minimum safe version of the app, and the user is permanently blocked from Okta Verify on that device.
Direct the user to their IT team for help updating the device or its operating system, or for migrating their credentials to a new device.
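The following Python script is an added example, not Okta code and not part of the original page. It shows how an admin can turn the notification fields above (operating system, affected versions in the "< 6.1.0" or "5.9.1" form, minimum safe version) into a triage of an MDM device inventory: devices on a safe version are left alone, affected managed devices get the MDM push, affected unmanaged devices get the store-update instruction, and devices whose OS can't run the safe version are flagged for escalation to IT. The device records, the `ForcedUpdateNotice` structure, and the per-platform `min_os_version` figures are all constructed assumptions; the page gives no minimum OS requirement, so those values are placeholders you would replace with the real ones.

```python
"""Triage an MDM inventory against an Okta Verify forced-update notice.

Constructed example (not Okta's own code or API). Field names and all
sample values below are assumptions chosen to mirror the admin notification.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Triage outcomes for each device.
NOT_AFFECTED = "not-affected"          # safe version, or platform not in scope
PUSH_VIA_MDM = "push-via-mdm"          # managed device: push the safe version
MANUAL_UPDATE = "manual-update"        # unmanaged device: update from the app store
CANNOT_UPDATE = "cannot-update-escalate"  # OS too old for the safe version: escalate to IT


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '6.1.0' into (6, 1, 0) so comparisons are numeric, not lexical."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def compare_versions(a: str, b: str) -> int:
    """Return -1, 0 or 1. Pads with zeros so '15' == '15.0' and '10.0' > '9.0'."""
    va, vb = parse_version(a), parse_version(b)
    width = max(len(va), len(vb))
    va += (0,) * (width - len(va))
    vb += (0,) * (width - len(vb))
    return (va > vb) - (va < vb)


# Spec forms supported: an exact version ('5.9.1') or an operator plus version ('< 6.1.0').
_SPEC = re.compile(r"(<=|>=|<|>)?\s*([0-9]+(?:\.[0-9]+)*)")


def is_affected(installed: str, affected_spec: str) -> bool:
    """Evaluate the notification's 'Affected versions' field against an installed version."""
    m = _SPEC.fullmatch(affected_spec.strip())
    if not m:
        raise ValueError(f"unsupported affected-versions spec: {affected_spec!r}")
    op, bound = m.group(1) or "==", m.group(2)
    c = compare_versions(installed, bound)
    return {"==": c == 0, "<": c < 0, "<=": c <= 0, ">": c > 0, ">=": c >= 0}[op]


@dataclass(frozen=True)
class ForcedUpdateNotice:
    operating_systems: frozenset[str]  # e.g. {"Android"} or {"Android", "iOS"}
    affected_versions: str             # e.g. "< 6.1.0" or "5.9.1"
    safe_version: str                  # minimum safe app version
    min_os_version: dict[str, str]     # ASSUMPTION: minimum OS per platform for the safe version


@dataclass(frozen=True)
class Device:
    device_id: str
    os: str            # "Android" or "iOS"
    os_version: str
    verify_version: str
    managed: bool      # enrolled in MDM


def triage(device: Device, notice: ForcedUpdateNotice) -> str:
    """Decide the admin action for one device."""
    if device.os not in notice.operating_systems:
        return NOT_AFFECTED
    if not is_affected(device.verify_version, notice.affected_versions):
        return NOT_AFFECTED
    # The safe version can't be installed on an OS below its minimum: permanent block on this device.
    if compare_versions(device.os_version, notice.min_os_version[device.os]) < 0:
        return CANNOT_UPDATE
    return PUSH_VIA_MDM if device.managed else MANUAL_UPDATE


def triage_inventory(devices: list[Device], notice: ForcedUpdateNotice) -> dict[str, str]:
    """Map each device_id to its triage outcome."""
    return {d.device_id: triage(d, notice) for d in devices}


# Constructed sample notice and inventory (all values are made up for the example).
NOTICE = ForcedUpdateNotice(
    operating_systems=frozenset({"Android", "iOS"}),
    affected_versions="< 6.1.0",
    safe_version="6.1.0",
    min_os_version={"Android": "9.0", "iOS": "15.0"},
)
INVENTORY = [
    Device("dev-001", "Android", "13", "6.0.5", managed=True),
    Device("dev-002", "iOS", "17.2", "6.1.0", managed=False),
    Device("dev-003", "iOS", "14.8", "5.9.1", managed=False),
    Device("dev-004", "Android", "12", "5.9.1", managed=False),
]

if __name__ == "__main__":
    for device_id, action in sorted(triage_inventory(INVENTORY, NOTICE).items()):
        print(f"{device_id}: {action}")
```

Numeric version comparison matters here: comparing "10.0.0" with "9.0.0" as strings puts 10 below 9 and would wrongly treat a patched device as affected.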
