DNS Rebind Protection
Okta Classic Engine
Okta Identity Engine
Multi-Factor Authentication
Overview
Unmanaged devices cannot satisfy the phishing resistance policy requirement when DNS rebind protection is enabled on the user’s network.
Applies To
  • Okta Verify
  • Android
  • Unmanaged iOS, macOS, and Windows
Cause
DNS Rebind Protection is a feature on some routers that can prevent Okta Verify from establishing a secure connection to browsers or native apps on the device. As a result, logins under these conditions will fail phishing resistance checks.

For more information on Okta Verify, see the FastPass Technical Whitepaper.

Solution

Depending on the network hardware, one or more solutions may be available for issues related to DNS rebind protection. The three solutions outlined below apply to most common network routers. Consult the hardware's manual for the available options and instructions on how to implement them.

  1. Add an exception to the Router/DNS server for the domain authenticatorlocalprod.com.
  2. Add an exception to the Router/DNS server for localhost.
  3. Disable DNS rebind protection.
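
As an added example (not Okta's code), the check below audits a resolver configuration and reports which of the three solutions above it applies. It assumes the router's DNS server is dnsmasq and maps the solutions to its `stop-dns-rebind`, `rebind-domain-ok` and `rebind-localhost-ok` options; the sample configuration and result labels are constructed for illustration.

```python
OKTA_DOMAIN = "authenticatorlocalprod.com"  # domain named in the article

# Constructed dnsmasq.conf: protection on, exception only for an unrelated zone.
SAMPLE_CONF = """\
# hypothetical internal zone
stop-dns-rebind
rebind-domain-ok=/corp.example/
"""


def parse_dnsmasq(conf):
    """Return (rebind_on, localhost_ok, exempt_domains) from dnsmasq.conf text."""
    rebind_on = localhost_ok = False
    exempt = set()
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        key, _, value = line.partition("=")
        key = key.strip()
        if key == "stop-dns-rebind":
            rebind_on = True
        elif key == "rebind-localhost-ok":
            localhost_ok = True
        elif key == "rebind-domain-ok":
            # Accepts both /a.example/b.example/ and a bare domain.
            exempt.update(d.strip().lower().strip(".")
                          for d in value.split("/") if d.strip())
    return rebind_on, localhost_ok, exempt


def is_exempt(name, exempt):
    """An exempted domain is treated here as covering its subdomains too."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in exempt)


def audit(conf, domain=OKTA_DOMAIN):
    """Report which of the article's three solutions, if any, the config applies."""
    rebind_on, localhost_ok, exempt = parse_dnsmasq(conf)
    if not rebind_on:
        return "protection-off"        # solution 3
    if is_exempt(domain, exempt):
        return "domain-exception"      # solution 1
    if localhost_ok:
        return "localhost-exception"   # solution 2
    return "no-exception"              # protection on, none of the solutions applied


if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```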

Workaround

The following options can be used as workarounds in place of the solutions above:

  1. Switch to a cellular or alternate WiFi connection.
  2. Utilize a private or third-party DNS service.