Deleted Device Cannot Be Re-added as a Managed Device
Dec 16, 2025
Multi-Factor Authentication
Okta Identity Engine
Overview
This article covers scenarios where devices can become unmanaged and fail Fastpass authentication.
Applies To
- Okta Identity Engine (OIE)
- Okta Verify
- Management attestation
Cause
If Okta verify logs show the errors below, this is due to the device within the Okta admin dashboard being deleted while the Okta verify app still contains the user's enrollment.
{✅ "Enrolling Authenticator": {"message": "URL: https://tenant.okta.com/idp/authenticators", "defaultProperties": "", "location": "LegacyServerAPI.swift:enrollAuthenticatorRequest(orgHost:metadata:deviceModel:appSignals:enrollingFactors:token:completion:):126"}}
{✅ "API": {"message": "Request URL: https://tenant.okta.com/idp/authenticators Response Code: 410 Debug Headers: { x-rate-limit-reset:1692193535 x-okta-request-id:[okta request id] x-rate-limit-limit:600 x-rate-limit-remaining:592} Error Response: {Error Code: E0000153, Error Id: oaeMKIDzpZmQhKdB1G3OPWk5Q, Error Summary: Invalid device id, it no longer exists.}", "defaultProperties": "", "location": "HttpClient.swift:logResponse(url:statusCode:headers:response:oktaRequest:):272"}}
{⚠️ "CODE": {"message": "CODE: 410, for request at URL: https://tenant.okta.com/idp/authenticators", "defaultProperties": "", "location": "ServerAPIProtocol.swift:validateResult(_:for:):263"}}
{🛑 "API error": {"message": "error: serverAPIError(<OktaDeviceSDK.HTTPURLResult: 0x6000028e0120>, Optional(OktaDeviceSDK.ServerAPIErrorModel(errorCode: Optional(OktaDeviceSDK.ServerErrorCode.deviceDeleted), errorSummary: Optional("Invalid device id, it no longer exists."), errorLink: Optional("E0000153"), errorId: Optional("[ErrorID"), status: nil, errorCauses: Optional([["errorSummary": "Invalid device id [guoID], it no longer exists."]])))) for request at URL: https://tenant.okta.com/idp/authenticators", "defaultProperties": "", "location": "ServerAPIProtocol.swift:validateResult(_:for:):273"}}
{✅ "EnrollTransaction": {"message": "Rolling back transaction", "defaultProperties": "", "location": "OktaTransactionEnroll.swift:rollback():107"}}
{🛑 "Enrollment": {"message": "serverAPIError(<OktaDeviceSDK.HTTPURLResult: 0x6000028e0120>, Optional(OktaDeviceSDK.ServerAPIErrorModel(errorCode: Optional(OktaDeviceSDK.ServerErrorCode.deviceDeleted), errorSummary: Optional("Invalid device id, it no longer exists."), errorLink: Optional("E0000153"), errorId: Optional("[ErrorID"), status: nil, errorCauses: Optional([["errorSummary": "Invalid device id [guoID], it no longer exists."]]))))", "defaultProperties": "", "location": "EnrollmentManager.swift:fromDeviceAuthenticatorError(_:_:):67"}}
{🛑 "Enrollment": {"message": "UNKNOWN_API_ERROR_CODE", "defaultProperties": "", "location": "AddAccountFlowCoordinator.swift:handleEnrollFailure(info:error:):485"}}
{✅ "Storage Management": {"message": "Key not found in storage: 00o1hpv5nxsjCOL2F0h8", "defaultProperties": "", "location": "UserDefaultsManager.swift:data(with:readUnencrypted:forbidCleanup:):122"}}
2023/08/16 09:45:07:496 -0400 {🛑 "Storage Management": {"message": "Failed to read org details for org [OrgID]: itemNotFound", "defaultProperties": "", "location": "OrgStorageManager.swift:getOrg(orgId:):81"}}
2023/08/16 09:45:07:496 -0400 {🛑 "Storage Management": {"message": "Failed to read org details for org [OrgID]: itemNotFound", "defaultProperties": "", "location": "OrgStorageManager.swift:getOrg(orgId:):81"}}
Solution
For registered devices, a re-enrollment is all that is needed.
If the device is managed with an SCEP certificate issued to the personal store, then a new certificate will be required before re-enrollment.
