<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base

Okta Verify and macOS TouchID Fingerprint Removal Error

Last Updated:

Devices and Mobility
Okta Identity Engine

Overview

After removing a fingerprint (or multiple) associated with Touch ID on a macOS Device and then adding a fingerprint back, the users will be asked to Enable TouchID while displaying an error similar to the one below, namely a grey (unavailable) Disable Touch ID option:

"Your organization requires Touch ID. Click
Enable Touch ID to keep using this account"

Touch ID Error 

 

Applies To

  • macOS
  • TouchID
  • Okta Verify
  • Okta Identity Engine (OIE)
  • FastPass
  • Fingerprint Removal

Cause

If the end-user removes the Touch ID from the mac device, Okta Verify will try to find it but fail. Thus, based on the policies, the End-user will not be allowed to authenticate successfully.

 

If the customer adds a new Touch ID, the newly enrolled fingerprint will not be recognized by the Okta Verify app because the new Touch ID has its own ID, not the one Okta Verify has stored in its internal logs as a valid authentication source. This will cause a conflict within the app, forcing the user to re-enroll entirely in Okta Verify. 

Solution

If it has reached the point where a fingerprint was added to the app again and the issue persists, the solution is to remove the Okta Verify enrollment and start over.

Scenario 1: Okta Verify is Managed - The Administrator needs to reset the Account

Re-enroll directly in the app once the IT administrator has reset the Okta Verify authenticator. No need to delete the account first.

 

Action Steps

  1. Open the Okta Verify application on the macOS device.
  2. In the account list, locate the account that needs to be re-enrolled.
  3. Click the Re-enroll button that appears next to the account name.
  4. Follow the on-screen instructions to complete the setup process. This will re-link the account to the Okta service.

Scenario 2: Non-Managed Okta Verify - Manual reset of the Okta Verify app completed

Using the Reset Okta Verify option deletes all accounts. Each account must be re-added from scratch.

 

Action Steps

  1. Open the Okta Verify application on the macOS device.
  2. Click Add an account.
  3. Go to the organization's Okta sign-in page on a web browser and sign in.
  4. When prompted, click the button to set up Okta Verify.
  5. Follow the setup instructions, which will typically involve scanning a QR code or using a setup link to add the new account to the Okta Verify application.

 

Related References

 

Recommended content

Still looking for help?
Loading
Okta Support - Okta Verify and macOS TouchID Fingerprint Removal Error