This article explains why multiple challenges occur on the Sign-in Widget (SIW) when a user attempts to sign in using Sign in with FastPass after an administrator configures the Authentication Policy's rule to Require biometric user verification.

1. An administrator configures the Authentication Policy rule to Require biometric user verification.

2. When the end user clicks the Sign in with FastPass button, the following prompt appears, even though Require biometric user verification is selected in the Authentication Policy rule.

3. The end user attempts to complete the Okta Verify prompt, but the Sign-in Widget requests the challenge again.

• Okta Identity Engine (OIE)
• Okta Verify
• Sign-in Widget (SIW)

The challenge request generated when the end user clicks Sign in with FastPass has predefined attributes fixed and does not include the challenge requirements set by the administrator in the authentication policy rules (Require biometric user verification).

NOTE: Verify the challenge's details in the JSON Web Token (JWT) Debugger. Copy the "challengeRequest" value and paste it on that website.

Therefore, Okta does not receive the required response for the configured Require biometric user verification setting, resulting in the SIW requesting the challenge again from the end user.

After the re-requested challenge, verify now that the conditions set in the Authentication Policy's rule are requested exactly for the Device's Okta Verify.

Silent Probing automatically triggers challenges when users access applications, eliminating the need to click the Sign in with Fastpass button.

1. In the Authentication Policy, configure one or more rules.

2. Set the Device State as Registered.

Silent probing can identify which user is accessing the application, so it can prompt the proper challenge that the end user should be presented with.

Related References

• Okta FastPass for Seamless Experience - No User Interaction Needed