This article outlines the primary steps to consider when troubleshooting an Okta Verify issue and presents a few of the most common situations that may be encountered, along with possible solutions.

• Okta Classic Engine
• Multi-Factor Authentication (MFA)

Okta Verify and Verify with Push can be diagnosed using three tools for most scenarios:
 

1. Okta System Log

Function: Displays user details such as MFA challenge and response status, device type, location, and security policy triggered by the user.

2. Security Policy Configuration

Function: Most issues regarding user access and MFA behavior are a result of the policy priority or group membership settings configured in Security > Authentication > Sign On.

Example Scenarios:

• • One user is prompted for Okta Verify by default.
  • The user is traveling abroad and cannot log in with Okta Verify.
  • MFA prompts occur too frequently or too infrequently.
  • This user/group is not prompted for MFA at all, or the user is not prompted for MFA, but other group members are prompted for MFA.
  • The following Sign On Rule screenshots from Security > Authentication > Sign On show different settings that could cause the above behavior:

3. Browser Developer Console

Function: This is primarily used if a platform or service issue with Okta MFA is expected. A browser's Developer Console/Network tab will show potential API errors or HTTP status codes such as 404, 500, and 503 instead of a standard "200 OK" message.

NOTE: A failed MFA challenge will trigger a 403 Access is Denied error every time.

The example below is from Chrome's Developer Console during a user's Okta Verify attempt. Notice the status column shows all 200s. Any HTTP tracing utility, such as Fiddler, will produce similar results.

For a full list of error codes, check the Okta error codes and descriptions documentation.
 

Common Scenario 1

• Okta Verify with Push triggered from Desktop/Laptop OS, but does not arrive on the mobile device.
• Okta Verify with Push arrives, user clicks approve, but nothing happens, or Okta Verify MFA shows the message "Haven't received a push notification yet?" or "Your push notification has expired."
• The Okta Verify Push notification(s) take a very long time to arrive.

Potential Solution:

Okta Verify w/ push is dependent on a reliable end-point to end-point network for delivery:

1. Confirm Push was triggered via the Okta System Log.
2. Confirm the Device's network connection/cell signal strength via text message or bandwidth test from a mobile device (if possible).
3. Confirm Device Date/Time Settings are set to Network (or Automatic). This is a very common issue for roaming users.
4. Reboot the device in question.
5. Try re-enrolling or reinstalling the Okta Verify app.
6. Check for a potential Jailbroken device or a device with a custom security layer, a Mobile Device Management (MDM) solution, or other endpoint security that could be interfering with delivery or notifications.

NOTE:

• As a workaround, use the Okta Verify Code instead of Push. If the MFA attempt still fails and the code is correct, check 2 and 3.
• If System Log entries are missing, network issues are suspected, or specific regions seem to have a high failure rate, please reach out to Okta Support for assistance.
• If a specific region or multiple regions seem to have a high failure rate, please reach out to Okta Support.

Common Scenario 2

• Okta Verify fails on Android devices running on the X platform or X Platform Version.
• A new version of Okta Verify introduces negative behavior.

Potential Solution:

1. Check the Okta Verify and device OS versions to see if there may be recent updates. Sometimes, device OS updates or Okta Verify updates can introduce new compatibility issues.
2. If this is suspected, reach out to Okta support for verification.

Common Scenario 3

Okta Verify does not install correctly on Mobile Devices. Okta Verify Installation fails, or it crashes frequently.

Potential Solution:

• Most likely device-related. Check overall mobile OS health for MDM security settings or Endpoint security that could be interfering with App and app notifications.

Related References

• How to open the developer tools in a browser