Is it possible to prevent the Okta Verify Push from being sent from the same device where a VPN connection is originated? Skip to main content
https://support.okta.com/help/answers?id=9060z000000jjclqac&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
David BoarmanDavid Boarman 

Is it possible to prevent the Okta Verify Push from being sent from the same device where a VPN connection is originated?

Our VPN client can be installed on mobile devices, but that creates a concern because we use Okta Verify for MFA, which could technically be installed on the same device as the VPN client.  We feel that somewhat defeats the purpose of "multi-factor authentication".  So, we were curious if Okta could prevent the push approval coming from the same device that the connection request was originated from.  Is that possible?
 
Rares PrisacariuRares Prisacariu (Vendor Management)
Hi, David 
Rares here from Okta Support, thank you for contacting us.
To answer the question, Okta will always send the push to the device it was enrolled on. if your VPN configuration allows it, you can choose another method of multifactor authentication besides Okta Verify. This way, the device that has VPN configured on will not take part in the MFA process.