Despite FastPass being allowed as Optional or Required in the relevant enrollment policy, users receive the following errors when attempting to enroll in FastPass:

• Access Denied (in the Okta Verify Desktop application)
• Authenticator Operation is Not Allowed  (in the Web UI)

• Okta Identity Engine (OIE)
• Multi-Factor Authentication (MFA)
• Enrollment Policies

The Okta Authenticator application, despite not being visible in the Applications list, is considered an application. Therefore, if the enrollment policy in question is only set to allow enrollment when the user is accessing Okta, the enrollment will fail.

1. Navigate to Security > Authenticators > Enrollment tab.
2. Choose the policy in question and scroll down to Rules.
3. Click the pencil icon to edit the rule.
4. Check the box for Applications within the enrollment policy.