I have a question - whether Okta administrator can generate secret key for Okta Verify for a normal user? The fact that the user cannot login with a desktop but has an urge to set up the app. Is that possible?
My situation is - when you have to set up the Okta Verify app, you need to first login your Okta on a desktop and then click "Set-up" at the profile settings. While my client is not able to do that and have the urge to enroll the device to Okta with the Secret Key.
I'm wonder if there's any chance to enroll a mobile device to Okta Verify App without logging in once at Okta from any other devices.
It seems like you stumped the Okta wizards with this question. (no offense to the Okta wizards, please do not smite me!)
From what I have encountered within my own organization, there is no functionality that allows anyone besides the recipient of the "welcome aboard" email to configure multifactor on a device. HOWEVER, if you (the presumed admin in this scenario) were to configure the user's account for them AND had access to their MFA device, you could configure their MFA, BUT you would need to do the entire on-boarding process for them as well. This would include setting their login picture, password, and security question. Is it possible to do this? Yes. Should you do this? Absolutely not. For one, it's more work for you, the already overworked admin. For two, they would immediately need to reset all of their authentication methods to remain secure. And finally, the sheer logistical nightmare of getting a user to give you their (presumed) phone while you set up their account, just to reset all of their authentication methods other than MFA. It would be a severely time consuming process if done at scale, or worse yet, if the described user was at a remote location.
The answer is relatively simple. Tell the user, "In order to continue providing a secure authentication process, it is not possible for an Okta admin to configure your multifactor for you. I apologize for the inconvenience."
I hope you found this helpful, in spite of the time it took for me to provide you with an answer.