When attempting to use Okta Verify on an iOS device, the following error message displays:

Your network settings are preventing Okta Verify from working properly

This issue occurs even when no Virtual Private Network (VPN) is active on the device.

• Okta Verify
• iOS
• Okta Identity Engine (OIE)

This error occurs when network settings on the device or the carrier network interfere with Okta Verify's ability to communicate with Okta servers. Potential causes include:

• Incorrect date and time settings on the device.
• Disabled notifications for the Okta Verify app.
• Network-level Domain Name System (DNS) configurations, such as DNS rebind protection on a router or a custom private DNS service.
• Issues with the mobile carrier network configuration.

Follow these troubleshooting steps to resolve the issue. Test if the error is resolved after each step before proceeding to the next.

1. Verify device date and time settings

Ensure the date and time on the iOS device are set to update automatically, as a mismatch causes authentication failures.

1. 1. Go to Settings > General > Date & Time.

   2. Toggle Set Automatically off.

   3. Wait a few seconds, then toggle Set Automatically on.

2. Check Okta Verify notification settings

Notifications are required for push verification to function correctly.

2. 1. Go to Settings.

   2. Tap Okta Verify.

   3. Tap Notifications and ensure that Allow Notifications is enabled.

3. Isolate the network

Determine if the issue is specific to the Wi-Fi or cellular network.

3. 1. If connected to Wi-Fi, turn it off and attempt to sign in using cellular data.

   2. If using cellular data, connect to a trusted Wi-Fi network and attempt to sign in again.

   3. If the issue only occurs on one network type, the problem lies with that specific network configuration.

4. Review network DNS settings

Certain DNS configurations block the necessary communication for Okta Verify.

4. • Router/Firewall: If on a Wi-Fi network, check the router or firewall settings. Security features like DNS Rebind Protection interfere with Okta. Refer to the DNS Rebind Protection article. Add Okta domains to the allowlist if necessary.

   • Private DNS: Check if a Private DNS or a third-party DNS filtering app is in use. Temporarily disable it and attempt the sign-in process again.

5. Contact the mobile carrier

If the previous steps fail to resolve the issue, particularly if the problem persists on the cellular network, the issue may lie with the mobile provider.

1. 1. Contact the mobile carrier to open a support ticket.

   2. Explain the issue and the troubleshooting steps taken.