Multiple users are associated with the same device name and on the same guoID on an iPhone configured via Intune as Mobile Device Management (MDM), even though they used separate iPhone devices.

This article explains why this is happening and how to solve the issue.

• Devices
• iOS
• Device Integrations (Device Trust)
• Okta Identity Engine (OIE)
• Mobile Device Management (MDM)
• Intune

UDID was misconfigured in Intune, leading to many users' devices being registered as a single device.

Step 1

1. Log in to Microsoft Intune.
2. Go to Apps > select iOS/iPadOS.
3. Under Managed Apps, select Configuration.
4. Now select the iOS Profile Name > Properties. 
5. Under Settings, select Edit.
6. Ensure that the UDID for OktaVerify.UDID Value (string): is {{UDID}} as recommended by Microsoft.

NOTE:

• • When specifying a variable, enclose its name in double curly brackets {{ }} as shown in the example to avoid errors.
  • OktaVerify.UDID Value (string) for Jamf is $UDID.
    
    
    

Step 2

1. For Admins:
   •  Suspend, deactivate, and delete the device for the affected users:
     • To do this, go to Directory > Devices > search for the device name that needs to be suspended, deactivated, and deleted.
2. For End Users:
   • Delete and re-enroll the account in Okta FastPass on their iOS device.

NOTE: Make sure to tap the Delete Account option in the Okta Verify app on iOS, not the Re-enroll option. Re-enrolling will only create duplicate entries on Devices.

 

NOTE: For Jamf Pro customers, particularly with Unsupervised devices where the UDID cannot be obtained, a possible solution is to use a unique device identifier provided by Jamf. For instance, the Jamf Mobile Device ID can be used as it provides a unique value for each device enrollment.

Related References 

• Create and assign SCEP certificate profiles in Intune
• Okta Verify configurations for iOS devices
• Configure Okta as a CA with delegated SCEP challenge for Windows using MEM (formally Intune)