This article presents the steps to consider when upgrading the Okta MFA provider for Active Directory Federation Services (ADFS) to the latest version. If one of the steps is skipped, a general PowerShell error could be generated.
- Multi-Factor Authentication (MFA)
- Okta MFA for Active Directory Federation Services (ADFS)
- Windows Server (2012 R2, 2012, 2016, 2019 v1.30 and later)
If the Okta MFA provider is not disabled before the upgrade attempt, a general Windows error is thrown:
Error 1001. Error 1001. Powershell command failed.
PS0099: The specified authentication provider cannot be removed from the policy store. The provider is currently specified in the additional authentication providers list. Remove the provider from the additional authentication providers list.
An authentication provider with identifier 'OktaMfaAdfs' is already present in the policy store. Identifiers must be unique.
=== Logging stopped: D/M/Y H:M:S ===
Follow the steps below in order to upgrade to the latest version:
- Turn off the Okta MFA provider from the Authentication Methods.
- Attempt install:
  - Access the Download section from the Okta Admin Dashboard and retrieve the latest version.
  - Go to the directory where the agent installer was downloaded.
  - Unzip the archive, and run setup.exe as administrator.
  - Click Next to start the installation.
- Log back into the Okta org, and go to the Microsoft ADFS (MFA) application created in Install and configure Microsoft ADFS in Okta.
- If the install fails with the same error, restart the ADFS service on all hosts:
  Restart-Service adfssrv -Force
- Reattempt the install.
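The first step can also be checked and performed from PowerShell before running setup.exe. The script below is an added example, not part of the original article or Okta's installer: it assumes the provider is enabled through the global authentication policy's additional authentication providers list (the list named in the PS0099 error), and the backup file path is a placeholder chosen for illustration.

```powershell
# Added example: pre-upgrade check for the Okta MFA provider on an AD FS host.
# Run in an elevated PowerShell session on the primary AD FS server.
Import-Module ADFS

$providerId = 'OktaMfaAdfs'   # identifier quoted in the PS0099 error text
# Assumed backup location (hypothetical path, change as needed).
$backupPath = Join-Path $env:TEMP 'adfs-additional-providers.txt'

# Read the current additional authentication providers list.
$policy  = Get-AdfsGlobalAuthenticationPolicy
$current = @($policy.AdditionalAuthenticationProvider | Where-Object { $_ })

if ($current -contains $providerId) {
    # Save the existing list so it can be restored after the upgrade.
    $current | Set-Content -Path $backupPath

    # Remove only the Okta provider; keep any other MFA providers enabled.
    $remaining = @($current | Where-Object { $_ -ne $providerId })
    if ($remaining.Count -eq 0) {
        # Okta was the only entry: clear the list.
        Set-AdfsGlobalAuthenticationPolicy -AdditionalAuthenticationProvider $null
    }
    else {
        Set-AdfsGlobalAuthenticationPolicy -AdditionalAuthenticationProvider $remaining
    }
    Write-Host "Removed '$providerId' from the list. Previous list saved to $backupPath"
}
else {
    Write-Host "'$providerId' is not in the additional authentication providers list."
}

# Verify before launching setup.exe: the installer fails with Error 1001
# if the provider is still referenced by the policy.
$after = @((Get-AdfsGlobalAuthenticationPolicy).AdditionalAuthenticationProvider)
if ($after -contains $providerId) {
    throw "'$providerId' is still enabled; do not start the upgrade."
}
Write-Host 'Policy no longer references the provider. Safe to run the installer.'
```

While the provider is out of the list, ADFS does not prompt for Okta MFA, so keep the window short and restore the saved list with Set-AdfsGlobalAuthenticationPolicy once the upgrade completes.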
