Okta Multi-Factor Authentication (MFA) prompts continue to appear when users select the Keep Me Signed In (Okta Identity Engine) or Do not challenge me on this device (Okta Classic) options, even if a browser prevents cookie storage, automatically clears cookies, or a user manually clears their cookies. Resolving this issue requires using standard browsers and configuring them to retain cookies so Okta can save the user's preferences. Users experience repeated MFA prompts upon sign-in because Okta fails to recognize the device without the appropriate cookie.

NOTE: This feature will not function in embedded browser environments (such as VPN clients) that do not persist cookies across sessions.

• Okta Identity Engine (OIE)
• Okta Classic Engine
• Multi-Factor Authentication (MFA)

When a user selects the Keep Me Signed In or Do not challenge me on this device for <number> minutes/hours/days option, Okta generates a cookie to be stored in the user's browser. This cookie acts as a device token that uniquely identifies the device. If the cookie is not present during future authentication attempts, Okta will consider the device as new, challenge the user with MFA (if applicable), and attempt to store a new device token cookie.

How do users prevent repeated Multi-Factor Authentication prompts?

Perform the following actions to ensure Okta properly saves the device token cookie, preventing repeated MFA prompts:

• Configure web browsers to retain cookies upon closing instead of clearing them automatically.
• If manually clearing cookies, avoid removing Okta-related cookies.