When logging in to a Windows machine with an Okta Desktop Access setup and using Okta Verify Push as a factor, the following error appears:
Challenge failed.
Okta Device Access Logs show the error:
[WRN] [ 🟠 ] [DirectAuthOvPushChallenge::InitChallengeAsync] Token response:TokenType: Channel: Interval:0 Error:invalid_client ErrorDescription:The client secret supplied for a confidential client is invalid. HttpStatusCode:Unauthorized RequestId=[RequestID]
[INF] [ 🟦 ] [UserLogonSession::InitChallengeAsync] Init challege: 'Okta Verify push notification':External:Online Result=Failure (msg=invalid_client - The client secret supplied for a confidential client is invalid.)
[VRB] [ 🔍 ] [AnalyticsActivityExporter::Export] Exporting completed activities... Count: 1
[VRB] [ 🔍 ] [ActivityManager::EndActivity] Tracked activity Authentication ended. Status: Error
2025-04-30 09:39:50.916 -07:00 [INF] [ 🟦 ] [DesktopLogonProviderImpl::InitChallengeAsync] Challenge initiation for session [SessionID] returned Failure
- Okta Identity Engine (OIE)
- Okta Device Access (ODA)
- Desktop MFA for Windows
The ClientSecret key is invalid or does not match.
- Open Registry Editor.
- Go to: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Okta\Okta Device Access.
- Ensure that:
- The ClientSecret key from the registry is valid and matches the one from the Desktop MFA App on the Admin Console.
- The
- Once corrected, try logging in again. If it still fails, open Services and restart Okta Identity Service.
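The registry check above can be scripted so the secret is compared without being displayed on screen. This is an added example, not Okta's own tooling; it assumes ClientSecret is stored as a string value under the key named above and that the service's display name is "Okta Identity Service" as shown in Services. The function name Test-OdaClientSecret is hypothetical.

```powershell
# Added example: compare the ClientSecret registry value with the secret copied
# from the Desktop MFA app in the Admin Console, without printing either value.
# Run in an elevated PowerShell session on the affected machine.
$keyPath = 'HKLM:\SOFTWARE\Okta\Okta Device Access'   # path from the article

function Test-OdaClientSecret {
    param(
        [Parameter(Mandatory)][securestring]$Expected,
        [string]$Path = $keyPath
    )
    if (-not (Test-Path -LiteralPath $Path)) {
        return 'Registry key not found'
    }
    # Assumption: ClientSecret is a string (REG_SZ) value under this key.
    $actual = (Get-ItemProperty -LiteralPath $Path -Name 'ClientSecret' `
        -ErrorAction SilentlyContinue).ClientSecret
    if ([string]::IsNullOrEmpty($actual)) {
        return 'ClientSecret value missing or empty'
    }
    # Decrypt the SecureString only for the comparison, then zero the buffer.
    $bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($Expected)
    try {
        $plain = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
    } finally {
        [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
    }
    if ($actual -ceq $plain) { return 'Match' }
    if ($actual.Trim() -ceq $plain.Trim()) {
        return 'Mismatch: differs only by leading/trailing whitespace'
    }
    if ($actual -ieq $plain) { return 'Mismatch: differs only by letter case' }
    if ($actual.Length -ne $plain.Length) { return 'Mismatch: lengths differ' }
    return 'Mismatch: same length, different content'
}

$expected = Read-Host -AsSecureString -Prompt 'Paste the client secret from the Admin Console'
$result = Test-OdaClientSecret -Expected $expected
Write-Output "ClientSecret check: $result"

if ($result -eq 'Match') {
    # Secret is already correct, so apply the article's fallback step.
    # Assumption: the display name matches the name shown in Services.
    Get-Service -DisplayName 'Okta Identity Service' -ErrorAction Stop | Restart-Service
    Write-Output 'Restarted Okta Identity Service; try logging in again.'
}
```

A mismatch result means the registry value still needs to be corrected before the login is retried.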
