<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content

Okta Verify for macOS Repeatedly Prompts for Admin Credentials for Keychain Access

Multi-Factor Authentication
Okta Identity Engine

Overview

When using Okta FastPass for Device Trust deployment on macOS, Okta Verify repeatedly prompts for administrator credentials to access the keychain. This occurs because the certificate payload and the Simple Certificate Enrollment Protocol (SCEP) payload reside in different profiles, or Okta Verify lacks keychain access. Resolve this by placing the certificate payload and SCEP payload in the same profile and allowing all applications access within the Mobile Device Management (MDM) tool.

Applies To

  • Okta Identity Engine (OIE)
  • Device Trust
  • macOS
  • Okta Verify
  • Okta FastPass
  • Keychain Access
  • Simple Certificate Enrollment Protocol (SCEP)

Cause

During an Okta FastPass for Device Trust deployment on macOS, the administrator credentials prompt for Keychain Access appears. This happens because the certificate payload and the SCEP payload reside in different profiles, or Okta Verify lacks access to the keychain. The following image displays the administrator credentials prompt for Keychain Access.

 

Admin Credentials for Keychain Access

Solution

How is the keychain access prompt resolved?

 

Configure the Mobile Device Management (MDM) tool, such as Jamf Pro or another tool that fits the organization's guidelines, to enable the option that allows all applications access and to place the certificate payload in the same profile as the SCEP payload.

  • Enable the Allow all apps access option in the MDM profile.
  • Place the certificate payload in the same profile as the SCEP payload within the MDM tool.

 

The following image shows the Allow all apps access option enabled in an MDM profile.

Allow all apps access option   

Related References

Loading
Okta Support - Okta Verify for macOS Repeatedly Prompts for Admin Credentials for Keychain Access