Okta Desktop MFA Is Not Compatible with Windows Hello
Okta Device Access
Okta Identity Engine
Overview

Users are not prompted for Desktop Multi-Factor Authentication (MFA) if they choose to log in to their Windows device using a Windows Hello PIN or biometrics.

Applies To
  • Okta Device Access
  • Desktop MFA
  • Okta Identity Engine (OIE)
  • Windows Hello
Cause

Desktop MFA currently supports the following factors for Windows: 

  • Offline: Okta Verify one-time password, YubiKey (OTP)
  • Online: Okta Verify push, Okta Verify one-time password

Windows Hello is an additional credential provider, so it is expected behavior that a user who selects Windows Hello PIN or Face ID at login is not prompted for Okta Desktop MFA. In this situation, use either Okta Desktop MFA or Windows Hello, not both.

Solution

To prompt users for Desktop MFA, exclude Windows Hello as a credential provider on their devices by using Okta registry keys.
