Users are Prompted Twice for Credentials when Using 3rd Party MFA Provider Entrust
Nov 21, 2025
Okta Classic Engine
Multi-Factor Authentication
Overview
Once the 3rd Party MFA Provider Entrust is deployed and configured in Okta using the Okta On-Prem MFA Agent as a RADIUS Client, users are asked to use their credentials twice while receiving an error the first time they provide the correct token.
Applies To
- Okta On-Prem MFA Agent
- Entrust
- Multi-Factor Authentication (MFA)
Cause
This type of integration relies on the Okta Agent to facilitate communication between the Okta service and the Entrust On-Prem RADIUS servers.
This behavior can occur if the Entrust servers are not configured to work with the Okta Agent.
Solution
To prevent this behavior, please set the following options on the Entrust side:
-
Set the First-Factor Authentication Method to "Entrust IdentityGuard Token".
-
Set Only Perform First-factor Authentication to "True".
