iOS Safari Authentication and Phishing-Resistant Factor Issues with iCloud Private Relay
Jun 9, 2025
Multi-Factor Authentication
Okta Identity Engine
Overview
This article describes authentication problems and issues with phishing-resistant factor restraints that occur on unmanaged iOS devices using the Safari browser when Apple's iCloud Private Relay feature is enabled.
Applies To
- iOS
- Safari
- Okta Authentication Policies
- Phishing-Resistant Authentication
- Device Management
- Okta Identity Engine (OIE)
Cause
When iCloud Private Relay is enabled on unmanaged iOS devices, it can interfere with expected network behavior during authentication attempts in Safari. This interference can prevent phishing-resistant factor restraints, as configured in authentication policies, from functioning correctly.
Solution
To mitigate these issues on unmanaged iOS devices:
- Disable iCloud Private Relay on the device before attempting authentication via Safari.
- Once authentication is successfully completed, iCloud Private Relay can be re-enabled.
For additional workarounds, see the Unmanaged iOS Phishing Resistance and iCloud Private Relay article.
