Okta Verify for macOS Repeatedly Prompts for Admin Credentials for Keychain Access
Last Updated:
Overview
When using Okta FastPass for Device Trust deployment on macOS, Okta Verify repeatedly prompts for administrator credentials to access the keychain. This occurs because the certificate payload and the Simple Certificate Enrollment Protocol (SCEP) payload reside in different profiles, or Okta Verify lacks keychain access. Resolve this by placing the certificate payload and SCEP payload in the same profile and allowing all applications access within the Mobile Device Management (MDM) tool.
Applies To
- Okta Identity Engine (OIE)
- Device Trust
- macOS
- Okta Verify
- Okta FastPass
- Keychain Access
- Simple Certificate Enrollment Protocol (SCEP)
Cause
During an Okta FastPass for Device Trust deployment on macOS, the administrator credentials prompt for Keychain Access appears. This happens because the certificate payload and the SCEP payload reside in different profiles, or Okta Verify lacks access to the keychain. The following image displays the administrator credentials prompt for Keychain Access.
Solution
How is the keychain access prompt resolved?
Configure the Mobile Device Management (MDM) tool, such as Jamf Pro or another tool that fits the organization's guidelines, to enable the option that allows all applications access and to place the certificate payload in the same profile as the SCEP payload.
- Enable the Allow all apps access option in the MDM profile.
- Place the certificate payload in the same profile as the SCEP payload within the MDM tool.
The following image shows the Allow all apps access option enabled in an MDM profile.
