This article provides a centralized repository of known issues affecting Okta Devices integrations across macOS, Windows, iOS, and Android platforms. These issues may impact the performance or expected behavior of features such as Okta Verify, Device Management, Device Access, Desktop Password Sync, Desktop MFA, and other integrations with MDMs like Jamf and Intune (MEM).

• Okta Identity Engine (OIE)
• Okta Devices Integrations
• Okta Verify
• macOS
• Windows
• iOS
• Android

Each entry below includes a summary of the known issue and provides a link to a full article for more detailed analysis, including environment-specific notes, root causes (when known), and recommended workarounds.

All Platforms

• Users on Unmanaged Devices Receive an Erroneous MDM Remediation Message
  • This article reviews a known issue where an end-user may be shown an erroneous "Additional setup required" remediation message when an unmanaged device attempts to access a resource protected by a managed device authentication policy. The message may reference the incorrect device management solution and direct to an unrelated enrollment site.
• Deactivated End Users Are Able To Enroll in Okta Verify
  • This article reviews a scenario where a user sourced from Active Directory (AD) can complete Okta Verify enrollment after being deactivated in AD if a QR code was generated before deactivation. The enrollment process proceeds even though the user is no longer active in the identity source. However, access to Okta-protected applications remains blocked.
• Okta FastPass Setup Prompt Missing in Multi-Org Environments
  
  • This article will review a known issue with devices, where users signing in to a multi-org environment may not receive the Okta FastPass setup prompt. As a result, users might not complete FastPass enrollment and experience inconsistent sign-in behavior.
• Unable to Remove Okta Verify Account After Active Directory Deletion
  • This article explains that users are unable to remove their account from Okta Verify if their user account has been deleted from Active Directory (AD).
• Okta Verify Users Denied Access to Applications Due to Device Context Probing Failure
  • This article explains why users enrolled in Okta Verify are denied access to an application when authenticating with a username and password. This situation occurs when specific authentication policy rules are in place and Okta is unable to probe for device context.
• Okta Verify Enrollment Is Not Automatically Triggered When Using an Admin Portal URL
  • This article explains why Okta Verify enrollment is not automatically triggered when a user navigates to the admin portal URL to begin the enrollment process. While direct access to the organization URL (e.g., http://<subdomain>.okta.com) typically initiates enrollment automatically for users who to add their account on Okta Verify, using the admin portal URL (e.g., http://<subdomain>-admin.okta.com) leads to a redirection to the organization URL, but the enrollment sequence does not start.

Apple

iOS

• iOS Safari Authentication and Phishing-Resistant Factor Issues with iCloud Private Relay
  • This article describes authentication problems and issues with phishing-resistant factor restraints that occur on unmanaged iOS devices using the Safari browser when Apple's iCloud Private Relay feature is enabled.
• iOS Okta Verify Enrollment Fails for New Users Without a Password
  • This documentation explains why new Okta users without a password encounter an Authenticator operation is not allowed error during Okta Verify enrollment on iOS, and provides workarounds like setting a password first or using a non-iOS device for initial enrollment.

macOS

• Users on macOS Unable to Access Google Drive File Stream with Okta Verify Passwordless SSO
  • This article describes an issue where users on macOS devices cannot access the Google Drive File Stream application. This problem occurs when Okta Verify single sign-on (SSO) is implemented, and the application is protected by an Okta authentication policy configured for passwordless access.
• macOS Fails to Prompt for Touch ID with Okta Verify on Big Sur and Earlier
  • This article addresses an issue where macOS devices occasionally fail to prompt users for Touch ID when they authenticate using Okta Verify. This problem is specific to macOS Big Sur and earlier versions.
• macOS Users with SSO Extension Profile Do Not Receive Device Lifecycle Messages in Safari on Big Sur and Earlier
  
  • This article describes an issue where users on macOS devices configured with an SSO extension profile do not receive Okta device lifecycle messages. This problem specifically affects Safari users on macOS Big Sur and earlier versions.

Windows

• Okta Verify Authentication Fails on Windows When Same Account Is Used Across Multiple OS User Profiles
  • This article describes an authentication issue with Okta Verify on Windows devices that have multiple operating system (OS) user profiles. If the same Okta account is added to Okta Verify under more than one OS user profile on the same device, authentication may fail for enrollments other than the most recently established one.

Related References

• Troubleshooting Okta FastPass on Android