CrowdStrike EDR Integration for Windows
Devices and Mobility
Okta Identity Engine
Overview

This article provides troubleshooting steps for CrowdStrike Endpoint security for Windows devices.

Applies To
  • Okta Identity Engine (OIE)
  • Device Integration
  • Authentication rules
  • CrowdStrike
  • Windows
Cause

When the CrowdStrike integration is not configured properly, Okta admins most often notice that logins in the Okta System Log show empty scores for CrowdStrike. This can lock users out if the ZTA score is a requirement in the authentication rule.

Solution

For Okta to receive the ZTA score, several steps need to be checked.
 

  1. Ensure the Authentication policy is properly configured.
  2. If Okta Verify is installed with the EnableZTAPlugin=TRUE flag, it creates a default plugin file named com.okta.ztaDefault.json in the C:\ProgramData\Okta\OktaVerify\Plugins\ folder.
    • If the com.okta.ztaDefault.json plugin file is missing, it can be recreated by following the manual chapter Manage endpoint security integration plugins for Windows, section Install the CrowdStrike endpoint security integration plugin (a plugin named com.crowdstrike.zta.json will be created).
  3. Okta obtains the ZTA score by reading the data.zta file provided by CrowdStrike. By default, the file is located at C:\ProgramData\CrowdStrike\ZeroTrustAssessment\data.zta
    • If the data.zta file is missing or empty, an error appears in the Okta Verify event viewer logs.
    • If the data.zta file is missing or empty, contact CrowdStrike customer support to have the CrowdStrike Falcon Zero Trust Assessment feature enabled.
    • If the data.zta file is in a custom location, the plugin may need to be reconfigured so that it knows where to look for it. The reference config is in the manual under:
      • Manage endpoint security integration plugins for Windows, section Install the CrowdStrike endpoint security integration plugin, sub-section The PowerShell script configures the following JSON plugin file.
      • The JSON config lists "location": "%ProgramData%\\CrowdStrike\\ZeroTrustAssessment\\data.zta", as the default location. This may need to be changed if a custom location is used.
  4. Confirm that the Falcon sensor's caching feature is enabled. CrowdStrike Support or the customer's Technical Account Manager can enable this.
    • When ZTA Caching is Enabled: The sensor saves the latest security score to a data.zta file. If the sensor restarts, it uses this saved file to provide a score immediately, ensuring there are no gaps while it waits for a new score from the cloud.
    • When ZTA Caching is Disabled: The data.zta file is removed when the sensor shuts down. Upon restart, the sensor has no local score to display and will only report a score after a new one is delivered from the cloud. This explains the temporary gap that has been observed.
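
The local checks from steps 2 and 3 can be run on the affected device with the following PowerShell, which is an added example and not Okta or CrowdStrike code. It uses only the plugin file names and default paths quoted above, assumes "location" is a top-level key in the plugin JSON, and the function name Test-OktaZtaPlugin is hypothetical.

```powershell
# Added example: local checks for steps 2 and 3. Not Okta or CrowdStrike code.
# Paths and plugin file names are the defaults quoted in this article.
$PluginDir   = 'C:\ProgramData\Okta\OktaVerify\Plugins'
$PluginNames = 'com.okta.ztaDefault.json', 'com.crowdstrike.zta.json'

function Test-OktaZtaPlugin {   # hypothetical helper name
    param([string]$Dir = $PluginDir, [string[]]$Names = $PluginNames)

    foreach ($name in $Names) {
        $file   = Join-Path $Dir $name
        $result = [ordered]@{ Plugin = $name; ZtaPath = $null; Bytes = $null
                              LastWrite = $null; Status = $null }

        # Step 2: is the plugin file there at all?
        if (-not (Test-Path -LiteralPath $file -PathType Leaf)) {
            $result.Status = 'plugin file not present'
            [pscustomobject]$result; continue
        }
        try {
            $cfg = Get-Content -LiteralPath $file -Raw -ErrorAction Stop | ConvertFrom-Json
        } catch {
            $result.Status = 'plugin file is not readable or not valid JSON'
            [pscustomobject]$result; continue
        }
        # Assumption: "location" is a top-level key, as in the config note in step 3.
        if (-not $cfg.location) {
            $result.Status = 'no "location" key in plugin file'
            [pscustomobject]$result; continue
        }
        # Step 3: expand %ProgramData% etc., then test the file the plugin points at.
        $zta = [Environment]::ExpandEnvironmentVariables($cfg.location)
        $result.ZtaPath = $zta

        if (-not (Test-Path -LiteralPath $zta -PathType Leaf)) {
            $result.Status = 'data.zta missing at configured location'
        } else {
            $item = Get-Item -LiteralPath $zta
            $result.Bytes     = $item.Length
            $result.LastWrite = $item.LastWriteTime
            $result.Status    = if ($item.Length -eq 0) { 'data.zta is empty' } else { 'data.zta present' }
        }
        [pscustomobject]$result
    }
}

# One row per plugin file; only size and timestamp are shown, never the file content.
Test-OktaZtaPlugin | Format-Table -AutoSize
```

Running it shortly after a sensor restart shows whether data.zta survived the restart, which is the behaviour step 4 describes for ZTA caching.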
