Is it possible to prevent the Okta Verify Push from being sent from the same device where a VPN connection is originated?
Our VPN client can be installed on mobile devices, but that creates a concern because we use Okta Verify for MFA, which could technically be installed on the same device as the VPN client. We feel that somewhat defeats the purpose of "multi-factor authentication". So, we were curious if Okta could prevent the push approval coming from the same device that the connection request was originated from. Is that possible?
Hi, David Rares here from Okta Support, thank you for contacting us. To answer the question, Okta will always send the push to the device it was enrolled on. if your VPN configuration allows it, you can choose another method of multifactor authentication besides Okta Verify. This way, the device that has VPN configured on will not take part in the MFA process.