Why Okta Makes PreAuth Calls to Duo
Overview
Organizations that use Duo as an MFA factor in Okta may notice frequent pre-authentication (PreAuth) calls from Okta in their Duo authentication logs.
Applies To
- Multi-Factor Authentication (MFA)
- Security
Cause
With the Duo MFA factor, Okta uses Duo's PreAuth API to perform periodic status checks on users who are enrolled in the Duo factor on the Okta side. These checks run at request time whenever an Okta endpoint that reads a user's profile is called, such as AuthN, GetFactor, GetSession, GetUserProfile, and others, so the volume of PreAuth calls scales with normal sign-in and profile activity rather than with MFA challenges alone.
Okta calls the PreAuth endpoint this broadly so that each user's MFA profile in Okta stays synchronized with the current device and capability information in that user's Duo profile. The benefit is that when an event triggers the full Duo MFA flow (an actual authentication, for example), the response is several milliseconds faster because Okta does not have to fetch that state first.
Solution
These calls are expected behavior. The best way to reduce unnecessary PreAuth events in the Duo logs is to make sure that users who have been disabled or deleted on the Duo side, or deactivated in Okta, are also unenrolled from the Duo factor on the Okta side; until they are, Okta still treats them as Duo-enrolled and keeps checking their status. Unenrolling is done with the Reset Multifactor option on the user's profile in the Okta Admin Console.
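To find the accounts this cleanup applies to, the enrollment list on the Okta side has to be reconciled against user state in both systems. The script below is an added example written for this article, not Okta's or Duo's code. It assumes that Duo usernames equal Okta logins (the integration's default username mapping), that Okta user and factor records have the shape returned by the Users and Factors APIs (a Duo enrollment appears as `factorType` "web" with `provider` "DUO"), and that Duo user records carry a `username` and a `status` as exported by the Duo Admin API. All sample records are constructed inline so it runs offline; the reset action it produces is the Factors API equivalent of the console's per-factor reset (`DELETE /api/v1/users/{id}/factors/{factorId}`), with the all-factors reset being `POST /api/v1/users/{id}/lifecycle/reset_factors`.

```python
"""Reconcile Okta Duo-factor enrollments against Okta and Duo user state.

Added example for this article, not Okta or Duo code. Assumptions:
- Duo usernames equal Okta logins (default username mapping); matching is
  case-insensitive.
- Okta user/factor objects and Duo user objects use the field names below.
- All data below is constructed sample input, not real export output.
"""
from dataclasses import dataclass

# Constructed Okta user records (GET /api/v1/users shape, trimmed).
OKTA_USERS = [
    {"id": "00u1", "status": "ACTIVE", "profile": {"login": "alice@example.com"}},
    {"id": "00u2", "status": "DEPROVISIONED", "profile": {"login": "bob@example.com"}},
    {"id": "00u3", "status": "ACTIVE", "profile": {"login": "carol@example.com"}},
    {"id": "00u4", "status": "ACTIVE", "profile": {"login": "dave@example.com"}},
    {"id": "00u5", "status": "ACTIVE", "profile": {"login": "erin@example.com"}},
]

# Constructed factor lists keyed by Okta user id (GET /api/v1/users/{id}/factors).
OKTA_FACTORS = {
    "00u1": [{"id": "dsf1", "factorType": "web", "provider": "DUO", "status": "ACTIVE"}],
    "00u2": [{"id": "dsf2", "factorType": "web", "provider": "DUO", "status": "ACTIVE"}],
    "00u3": [{"id": "dsf3", "factorType": "web", "provider": "DUO", "status": "ACTIVE"}],
    "00u4": [{"id": "dsf4", "factorType": "push", "provider": "OKTA", "status": "ACTIVE"}],
    "00u5": [{"id": "dsf5", "factorType": "web", "provider": "DUO", "status": "ACTIVE"}],
}

# Constructed Duo Admin API user export (username + status). Carol is absent:
# she was deleted on the Duo side. Bob is still active in Duo but gone in Okta.
DUO_USERS = [
    {"username": "alice@example.com", "status": "active"},
    {"username": "Bob@example.com", "status": "active"},
    {"username": "erin@example.com", "status": "disabled"},
]

# Assumption: which statuses count as "deactivated" on each side.
OKTA_INACTIVE = {"DEPROVISIONED"}
DUO_INACTIVE = {"disabled", "locked out"}


@dataclass
class ResetAction:
    okta_user_id: str
    login: str
    factor_id: str
    reason: str

    def request(self):
        """Factors API call equivalent to resetting this one Duo factor."""
        return ("DELETE", f"/api/v1/users/{self.okta_user_id}/factors/{self.factor_id}")


def duo_factor_ids(factors):
    """Return ids of active Duo enrollments in an Okta factor list."""
    return [f["id"] for f in factors
            if f.get("provider") == "DUO" and f.get("status") == "ACTIVE"]


def plan_resets(okta_users, okta_factors, duo_users):
    """List the Duo-factor resets needed so Okta stops PreAuth checks for
    users who are deactivated in Okta, deleted from Duo, or disabled in Duo."""
    duo_status = {u["username"].lower(): u["status"] for u in duo_users}
    actions = []
    for user in okta_users:
        fids = duo_factor_ids(okta_factors.get(user["id"], []))
        if not fids:
            continue  # not Duo-enrolled on the Okta side: no PreAuth traffic
        login = user["profile"]["login"].lower()
        if user["status"] in OKTA_INACTIVE:
            reason = f"okta status {user['status']}"
        elif login not in duo_status:
            reason = "no matching Duo user"
        elif duo_status[login] in DUO_INACTIVE:
            reason = f"duo status {duo_status[login]}"
        else:
            continue  # healthy enrollment on both sides; PreAuth checks are expected
        for fid in fids:
            actions.append(ResetAction(user["id"], login, fid, reason))
    return actions


if __name__ == "__main__":
    for action in plan_resets(OKTA_USERS, OKTA_FACTORS, DUO_USERS):
        method, path = action.request()
        print(f"{action.login}: {action.reason} -> {method} {path}")
```

Against real data, replace the three constructed lists with paged results from the Okta Users and Factors APIs and the Duo Admin API users endpoint, and review the planned actions before sending them; a user who is merely missing from the Duo export because of a username-mapping mismatch would otherwise be unenrolled by mistake.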
