Inability to Enroll Windows Hello as Authentication Factor for User(s)
Okta Classic Engine
Multi-Factor Authentication
Overview
The Windows Hello second-factor enrollment has been removed from one or more users, and they are unable to re-enroll Windows Hello as a factor.
Applies To
  • Windows 10 1903 or later
Cause

Windows 10 1903 utilizes the FIDO2/WebAuthn protocol for Windows Hello.  The former proprietary Windows Hello factor is no longer compatible with 1903 and later.

Solution

Enable Web Authentication as an MFA factor and enroll the impacted users:

  1. If Windows Hello is still active as a factor, deactivate it: in the Okta Admin Console, go to Security > MultiFactor > Factor Type > Windows Hello and select Deactivate. Windows Hello and FIDO2 (WebAuthn) are not compatible.

  2. Open a case with support to enable the WebAuthn feature.

  3. Work with end-user(s) to re-enroll as FIDO2/WebAuthn.
