After migrating from Device Trust (Classic) to Device Trust on the Okta Identity Engine (OIE) and having an authentication policy rule that requires Registered devices, the following message might be seen in the system log events and receive a certificate prompt when authenticating:
Authentication of device via certificate - failure: NO_CERTIFICATE
- Okta Identity Engine (OIE)
This is expected behavior and will be resolved when migrated to Okta FastPass. It occurs because the server is attempting a Device Trust challenge with a device that does not have a client certificate. The user can still log in, but the device is considered "untrusted".
Deploy and configure Okta Verify FastPass to the users. See Configure Okta FastPass
Once the application has been installed on the end user's devices, have the users authenticate with FastPass to an application policy that requires the device to be managed.
Upon successful authentication, use Okta Verify to authenticate when accessing the managed applications.
Related References
- Configure Okta FastPass
- Replace Desktop Device Trust with Okta FastPass
- Org Summary - Device Trust Desktop Registrations
