Device Access Registration Fails for a Device Previously Enrolled in UD
Okta Device Access
Okta Identity Engine
Overview

A device that was previously enrolled in Okta UD (Universal Directory) fails to register for ODA (Okta Device Access). The Okta Verify log file shows the following chain of events, starting with a 401 response and culminating in Device registration failed:

 

{"API": {"message": "Request URL: https://orgname.okta.com/oauth2/v1/token Response Code: 401 Debug Headers: { x-okta-request-id:[OktaRequestID] x-rate-limit-reset:1729582114 x-rate-limit-remaining:9981 x-rate-limit-limit:10000} Error Response: {Error Code: empty, Error Id: empty, Error Summary: empty}", "defaultProperties": "", "location": "HttpClient.swift:logResponse(url:statusCode:headers:response:oktaRequest:):299"}}
{"Platform SSO": {"message": "Device SSO call to https://orgname.okta.com/oauth2/v1/token response status: 401", "defaultProperties": "", "location": "DeviceAuthenticator.swift:retrieveToken(from:scopes:assertion:):84"}}
{"Platform SSO": {"message": "Invalid response from server for request to https://orgname.okta.com/oauth2/v1/token: Empty response body", "defaultProperties": "", "location": "DeviceRegistrar.swift:loggingAndMetrics(errorReport:):126"}}
{"Platform SSO": {"message": "Device registration failed: RegistrationErrorReport(registrationError: AuthServiceExtension.DeviceSSORegistrationError.invalidServerReponse(AuthServiceExtension.DeviceSSORegistrationError.InvalidServerResponse.emptyBody), endpoint: https://orgname.okta.com/oauth2/v1/token)", "defaultProperties": "", "location": "DeviceSSORegistrationHelperSharedKeys.swift:performDeviceRegistration(viewModel:):38"}}
Applies To
  • Device registration
  • Okta Device Access (ODA)
  • Device was previously enrolled in Universal Directory (UD)
  • macOS
  • Okta Identity Engine (OIE)
Cause

The device has been deleted from Okta UD under Directory > Devices in the admin console, but Okta Verify on the device itself is still using the old enrollment.

Solution

Reset the Okta Verify (OV) configuration in the admin console: go to Directory > People > User > More Actions > Reset Authenticator and reset the respective authenticator.

If that fails, run the following command on the device itself:

rm -rf /Library/Group\ Containers/B7F62B65BN.group.okta.macverify.shared/

This will delete the entire OV configuration, including OV enrollments, Password Sync, Desktop MFA, and anything else Okta Verify-related.
