This article explains the protocol the Okta Verify application uses to generate mobile authentication codes when a device is offline.
- Okta Verify
- Offline Authentication
- The Okta Verify application uses the Time-Based One-Time Password (TOTP) protocol to generate six-digit offline codes.
- During the initial pairing process, the Okta Verify application and the user profile securely exchange a shared secret key.
- The TOTP protocol relies entirely on the shared secret key and the current time.
- This reliance allows the Okta Verify application to generate valid codes locally on the device without an active internet or cellular connection.
NOTE: Because the protocol is time-based, the device's internal clock must remain synchronized with the global time. If the device's time drifts significantly from Okta's server time, the generated offline codes will be invalid.
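The following is an added example, not Okta's code: a minimal RFC 6238 TOTP generator and verifier showing why a code computed offline from the shared secret and the device clock is accepted under small drift and rejected under large drift. The 30-second step, HMAC-SHA-1, the one-step tolerance window and all function names are assumptions based on the RFC defaults, not values stated in this article.

```python
import hashlib
import hmac
import struct

STEP = 30      # seconds per time step (RFC 6238 default; assumed, not from the article)
DIGITS = 6     # the article states six-digit codes
WINDOW = 1     # steps of skew the verifier tolerates each way (assumed)


def totp(secret: bytes, unix_time: float, step: int = STEP, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP: HOTP (RFC 4226) over the time-step counter, HMAC-SHA-1."""
    counter = int(unix_time) // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, code: str, server_time: float, window: int = WINDOW) -> bool:
    """Server side: accept a code from any step within +/- window of server time."""
    for skew in range(-window, window + 1):
        expected = totp(secret, server_time + skew * STEP)
        if hmac.compare_digest(expected, code):   # constant-time comparison
            return True
    return False


def device_code_accepted(secret: bytes, server_time: float, device_drift: float) -> bool:
    """Device computes a code offline from its own (possibly drifted) clock."""
    code = totp(secret, server_time + device_drift)
    return verify(secret, code, server_time)


if __name__ == "__main__":
    secret = b"12345678901234567890"   # RFC 6238 test secret, not a real key
    now = 1_700_000_000                # constructed server time
    for drift in (0, 20, -25, 300):
        print(f"drift {drift:+4d}s -> accepted: {device_code_accepted(secret, now, drift)}")
```

No network call appears anywhere in `totp`, which is why the device can produce valid codes offline; the only inputs that must match the server are the secret and the time step.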
