Configure the user verification type for Okta Verify for Windows

You can configure the user verification type for Okta Verify by passing the UserVerificationType option when you deploy the app. To change the user verification type after deployment, uninstall Okta Verify and reinstall it with other configurations. See Okta Verify configurations for Windows devices.

The default user verification type depends on the authenticator operation mode.

Operation mode

Default user verification type
Normal (default) WindowsHello
VirtualDesktopStatic OktaVerifyPasscode
VirtualDesktopLayered OktaVerifyPasscode

  • If you deploy Okta Verify on physical machines such as laptops or desktops, and don't pass any configuration option, user verification defaults to Windows Hello. To change the default, set UserVerificationType to OktaVerifyPasscode.

  • If you deploy Okta Verify in a virtual environment, set AuthenticatorOperationMode to VirtualDesktopStatic or VirtualDesktopLayered. UserVerificationType defaults to OktaVerifyPasscode.

User verification with Windows Hello

Set UserVerificationType to WindowsHello.

During enrollment, Okta Verify prompts users to enable Windows Hello confirmation.

Okta Verify prompts users to enable Windows Hello confirmation.

When the authentication policy requires two factor types or user verification, Okta Verify prompts users to confirm their identity with Windows Hello biometrics or PIN.

Okta Verify prompts users to authenticate with Windows Hello.

User verification with an Okta Verify passcode

Starting with version 4.9.0, Okta Verify supports user verification with an Okta Verify passcode. To enable it, set UserVerificationType to OktaVerifyPasscode.

During enrollment, Okta Verify prompts users to create a passcode with at least eight characters. The passcode is securely stored by the Windows operating system. Okta Verify doesn't store the user’s passcode.

Okta Verify prompts users to create a passcode.

When the authentication policy requires two factor types or user verification Okta Verify prompts users to confirm their identity with the passcode they created during enrollment. If the user enters an incorrect passcode, Okta Verify allows two more attempts.

Okta Verify prompts users to authenticate with a passcode.

Related topics

Okta Verify configurations for Windows devices

Configure Okta Verify for physical or virtual Windows environments