This article details a known issue in Okta Device Access (ODA) Windows Desktop MFA with Okta Verify version 5.6 and above.
While using Okta Desktop MFA with passwordless authentication, a push notification is sent to the end user’s mobile device before the user clicks the “Sign In” button.
- Okta Identity Engine (OIE)
- Okta Device Access (ODA)
- Desktop MFA
- Windows Devices
Modifications to the Desktop MFA authentication policy can cause some users to receive an extra push notification. Okta recommends not modifying this policy.
In this case, an administrator configures an authentication policy to restrict authentication to a specified list of authenticators. After saving this policy, they receive reports of users getting extra push notifications during the login flow.
- Remove the restriction on allowing or disallowing specific authenticators by selecting the option to Allow any method that can be used to meet the requirements.
- If the admin wishes to restrict the authenticators that are displayed to end users, the following steps can be taken:
  - Enable DirectAuth. Refer to the Enable FIDO2 for the Desktop MFA client documentation.
  - Configure the AllowedFactors list with the authenticators to be displayed to end users. If offline login is allowed, make sure the list also includes the offline factors to display.
