After installing Windows Okta Verify version 6.9.0 or later, users are unable to enroll in OV, receiving the error Something went wrong. This occurs after the user receives the push notification and approves successfully.
Something went wrong
In the Okta Verify Event Viewer logs (Event Viewer > Applications and Services Logs > Okta), the following error can be seen:
Received API error: E0000158: Invalid Enrollment. User verification required.
ClientAccountManager.ResolveUvConfigurationWithOverride: Client configuration (Deferred) overrides stricter server requirement (UvRequired). This may cause authentication failures if the server requires UV post-enrollment.
[AccountEnrollment][WebRequest][OktaApiWebRequest.HandleErrorResponse]: Received API error: E0000158: Invalid Enrollment. User verification required.
[: Biometrics or Pin User Verification key is not provided.]- Windows Okta Verify Version 6.9.0 or Later
UserVerificationEnrollmentFlag Set During Install- Okta Identity Engine (OIE)
This issue occurs because the UserVerificationEnrollment flag is set to a lower strictness level than the org-wide setting.
If the Org-wide Okta Verify configuration is set to Required and the Windows Okta Verify flag is set to lower than Required, enrollment will fail.
- The Org-wide setting can be verified in the following location: Okta Admin Console > Security > Authenticators > Okta Verify > Actions > Edit.
As mentioned in the Okta Verify configurations for Windows devices documentation, the client-side configuration will override the org-wide setting only if it is more strict than the org configuration.
To resolve the issue, the client-side configuration should be set to equal or more strict than the org setting.
