This article answers the question of whether it is possible to utilize fingerprint readers or other biometric options to sign into a Windows desktop MFA device.

• Desktop Multi-Factor Authentication (MFA)
• Windows Devices
• Okta Identity Engine (OIN)

Utilizing fingerprint readers or other desktop biometrics, such as Windows Hello, to sign into Windows devices with Okta MFA enforced at device login is not supported. This limitation exists because Windows does not allow third-party credential providers to invoke Windows Hello or access biometric authentication at the system login level.

For passwordless or biometric authentication, Okta supports the use of Okta Verify push notifications combined with biometrics on a mobile device.

Related References

• Supported Desktop MFA Authenticators