<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
macOS Desktop MFA Not Installed Properly
Oct 31, 2025
Okta Identity Engine
Okta Device Access
Overview

This article provides steps to troubleshoot installation issues with macOS Desktop Multi-Factor Authentication (MFA). Symptoms include the Desktop MFA profile being pushed and Okta Verify being installed, but users are not prompted for MFA.

Applies To
  • Okta Device Access (ODA)
  • macOS Desktop MFA
  • Okta Identity Engine (OIE)
Solution

Use the steps below to troubleshoot the necessary components of a macOS Desktop MFA installation.

  1. Verify the installation order and version.

    • The Desktop MFA configuration profile must be deployed to the macOS device before the Okta Verify application. Okta Verify searches for the configuration profile during installation to enable Desktop MFA components.

    • If Okta Verify was installed first (for example, for FastPass), reinstall a newer version of Okta Verify.

    • NOTE: Deleting and reinstalling Okta Verify does not result in the loss of FastPass enrollments.

  2. Ensure the correct Okta Verify package is used.

    • Download the Okta Verify package from the Admin Console. The Apple App Store version does not support Okta Device Access.

    • If the App Store version is already installed, uninstall it before installing the Admin Console version, or ensure the Admin Console version is higher.

    • If Okta Verify is pushed through the Volume Purchase Program (VPP), disable auto-updates for the VPP app after reinstalling the non-App Store version.

  3. Verify the Authorization Plugin is installed.

    • Run the following command:

      ls /Library/Security/SecurityAgentPlugins/OktaDAAuthPlugin.bundle

    • Review the output:

      • /Library/Security/SecurityAgentPlugins/OktaDAAuthPlugin.bundle: The Authorization Plugin is present.

      • ls: /Library/Security/SecurityAgentPlugins/OktaDAAuthPlugin.bundle: No such file or directory: The Authorization Plugin is missing. This may indicate an installation problem.

  4. Verify the Service Daemon is installed.

    • Run the following command to check the symlink:

      ls /usr/local/bin/OktaDAServiceDaemon

    • If the output shows ls: /usr/local/bin/OktaDAServiceDaemon: No such file or directory, the Daemon was not installed.

    • Because /usr/local/bin is a symlink, check if the base file is present by running this command:

      ls "/Applications/Okta Verify.app/Contents/Helpers/OktaDAServiceDaemon"

    • If the result indicates a No such file or directory error, the base file is not present.

  5. Verify the Service Daemon is running.

    • If both the Service Daemon and Authorization Plugin are installed, verify the Service Daemon is running. Run the following command with sudo privileges:

      sudo launchctl list | grep -i okta

    • If the output includes com.okta.deviceaccess.servicdaemon, the service is running.

    • If users are still not prompted for Desktop MFA, gather the necessary logs and contact Okta Support.

Recommended content

Still looking for help?
Loading
macOS Desktop MFA Not Installed Properly