This article discusses the issue with Okta Verify Application Enrollment for iPhone 15 running iOS 17.
After users change their phones and transfer data from the old iPhone to the new iPhone 15, the token is also transferred. However, on the new phone, the token is not recognized, resulting in an error:
Couldn't Add Your Account Operation Failed—invalidToken.
- Okta Identity Engine (OIE)
- iOS 17
- iPhone 15
- Okta Verify Application
- Users transfer data from the old iPhone to the new iPhone 15 (that runs iOS 17)
When the data from the old iPhone is transferred to the new iPhone 15, the Enrollment token is also transferred. The Okta Verify application from the new phone uses the token that belongs to the old phone. This behavior will result in the following error message in the Okta Verify Application logs:
{🛑 "TOTPFactor": {"message": "Failed to construct TOTP factor. Not secret provided", "defaultProperties": "", "location": "OktaFactorTOTP.swift:init(factorData:cryptoManager:restAPIClient:logger:totpGeneratorType:keyStretchingEnabled:):51"}}
This behavior was noticed when users set up their new devices via iCloud restore.
Users must reinstall the Okta Verify Application and reenroll Okta Verify on the new phone.
