<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
Okta Verify Behavior on macOS Devices in Clamshell Mode
Jan 14, 2026
Okta Identity Engine
Okta Verify
Overview

Users authenticating with Okta Verify on a macOS device in clamshell mode (lid closed) may observe a specific prompt when Touch ID is unavailable. Previously, users may have encountered a verify in browser option. Currently, Okta Verify displays the following message:

 

Okta Verify is trying to verify your identity. Enter the password for the user '<user>' to allow this

 

This article clarifies whether this behavior is expected.

Applies To
  • Okta Verify
  • Okta FastPass
  • macOS
  • Touch ID
  • Okta Identity Engine (OIE)
Cause

When a MacBook operates in clamshell mode, the Touch ID biometric sensor is physically inaccessible and becomes disabled.

Solution

This behavior is by design. When Touch ID is unavailable, Okta Verify with FastPass automatically falls back to requesting the local macOS password. This password unlocks the secure enclave locally, allowing it to sign the authentication request. The password is not transmitted to Okta.

An external FIDO2 (WebAuthn) security key, such as a Universal Serial Bus (USB) or Near Field Communication (NFC) key, can be used as an alternative authentication factor to avoid password prompts while in clamshell mode.

Recommended content

Still looking for help?
Loading
Okta Verify Behavior on macOS Devices in Clamshell Mode