If the CrowdStrike integration is not properly configured, Okta System Log events display empty scores for CrowdStrike. This locks out users if the authentication rule requires the Zero Trust Assessment (ZTA) score. Resolve this issue by verifying the authentication policy, ensuring the Okta Verify plugin exists, validating the CrowdStrike data file, and enabling the Falcon sensor caching feature.
- Okta Identity Engine (OIE)
- Device Integration
- Authentication rules
- CrowdStrike
- Windows
Improper configuration of the CrowdStrike integration, missing Okta Verify plugins, missing or empty data.zta files, or inactive Falcon sensor caching prevents Okta from receiving the ZTA score.
How are empty CrowdStrike ZTA scores resolved?
Verify the authentication policy, validate the Okta Verify plugin configuration, check the CrowdStrike data file, and confirm the Falcon sensor caching feature remains active by performing the following actions.
- Verify the authentication policy configuration by reviewing the Create an endpoint security integration authentication policy documentation.
- Validate the Okta Verify plugin configuration.
  - If the Okta Verify installation includes the `EnableZTAPlugin=TRUE` flag, Okta Verify creates a default plugin file named `com.okta.ztaDefault.json` in the `C:\ProgramData\Okta\OktaVerify\Plugins\` folder.
  - If the `com.okta.ztaDefault.json` plugin does not exist, recreate it by following the instructions in the Manage endpoint security integration plugins for Windows documentation under the Install the CrowdStrike endpoint security integration plugin section to create a plugin named `com.crowdstrike.zta.json`.
- Validate the CrowdStrike data file. Okta obtains the ZTA score by reading the `data.zta` file provided by CrowdStrike. The file resides in the default path `C:\ProgramData\CrowdStrike\ZeroTrustAssessment\data.zta`.
  - If the `data.zta` file does not exist or contains no data, Okta Verify generates an error in the Event Viewer logs. Contact CrowdStrike support to enable the CrowdStrike Falcon Zero Trust Assessment feature.
  - If the `data.zta` file resides in a custom location, reconfigure the plugin to locate the file. Reference the configuration details in the Manage endpoint security integration plugins for Windows documentation under the Install the CrowdStrike endpoint security integration plugin section. The PowerShell script configures the JSON plugin file. The default location is `"location": "%ProgramData%\CrowdStrike\ZeroTrustAssessment\data.zta"`. Change this value if the environment uses a custom location.
- Confirm the Falcon sensor caching feature remains active. Contact CrowdStrike Support or the Technical Account Manager to enable this feature.
  - When ZTA caching remains active, the sensor saves the latest security score to a `data.zta` file. If the sensor restarts, the sensor uses this saved file to provide a score immediately, ensuring no gaps occur while the sensor waits for a new score from the cloud.
  - When ZTA caching remains inactive, the sensor removes the `data.zta` file during shutdown. Upon restart, the sensor has no local score to display and only reports a score after the cloud delivers a new score. This causes a temporary gap in score reporting.
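The local checks above (plugin file present, `location` resolvable, `data.zta` present and non-empty) can be run in one pass on an affected endpoint. The following PowerShell is an added example, not a script from Okta or CrowdStrike; it uses the default paths and file names quoted in this article and assumes `location` is a top-level property of the plugin JSON.

```powershell
# Added diagnostic example; paths and file names are the defaults quoted in this article.
$pluginDir   = 'C:\ProgramData\Okta\OktaVerify\Plugins'
$pluginNames = 'com.okta.ztaDefault.json', 'com.crowdstrike.zta.json'
$defaultZta  = 'C:\ProgramData\CrowdStrike\ZeroTrustAssessment\data.zta'

function Test-ZtaDataFile {
    param([Parameter(Mandatory)][string]$Path)
    # Expand %ProgramData%-style variables as written in the plugin's "location" value.
    $resolved = [Environment]::ExpandEnvironmentVariables($Path)
    $item     = Get-Item -LiteralPath $resolved -ErrorAction SilentlyContinue
    $status   = if (-not $item) { 'Missing' } elseif ($item.Length -eq 0) { 'Empty' } else { 'Present' }
    [pscustomobject]@{
        Path      = $resolved
        Status    = $status
        SizeBytes = if ($item) { $item.Length } else { $null }
        LastWrite = if ($item) { $item.LastWriteTime } else { $null }
    }
}

$found = $false
foreach ($name in $pluginNames) {
    $pluginPath = Join-Path $pluginDir $name
    if (-not (Test-Path -LiteralPath $pluginPath)) { continue }
    $found = $true
    try {
        $plugin = Get-Content -LiteralPath $pluginPath -Raw -ErrorAction Stop |
            ConvertFrom-Json -ErrorAction Stop
    } catch {
        Write-Warning "Plugin $pluginPath could not be parsed as JSON: $($_.Exception.Message)"
        continue
    }
    # Assumption: "location" is a top-level property of the plugin JSON.
    if (-not $plugin.location) {
        Write-Warning "Plugin $pluginPath has no 'location' value."
        continue
    }
    # Report the state of the data file this plugin actually points at.
    Test-ZtaDataFile -Path $plugin.location |
        Add-Member -NotePropertyName Plugin -NotePropertyValue $name -PassThru
}

if (-not $found) {
    Write-Warning "No ZTA plugin file found in $pluginDir."
    # Still report on the default data file so both failure causes show up in one run.
    Test-ZtaDataFile -Path $defaultZta
}
```

A `Missing` status immediately after a sensor restart, followed later by `Present`, matches the behavior described above for inactive ZTA caching; an `Empty` or permanently `Missing` file points to the ZTA feature not being enabled.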
