This article addresses the scenario in which end users try to enroll in Okta Verify on a mobile or desktop device and the following error occurs:
Operation Failed - invalidToken
- Multi-Factor Authentication (MFA)
- Okta Verify
- Devices
- Okta Identity Engine (OIE)
Some of the known causes of this error are:
- The user account status is not "Active".
- The user utilizes the migration tool to transfer their existing content and settings from iCloud backup data. Additionally, this error may occur due to hardware changes or restricted permissions in custom operating systems, such as jailbroken devices.
- NOTE: Jailbroken devices are not supported.
- When Okta Verify is installed on a device, it creates unique device-specific credentials that are stored within the app and backed up along with the device data. However, if the device or operating system is changed, such as during migration through iCloud backup, it can render these stored credentials invalid for both the device and the organization.
Option 1: To resolve the error "Operation Failed - invalidToken" due to an invalid account status:
The user account status is displayed in the Status column on the People page and on a user's profile page. To access the People page:
- From the Admin Console navigate to Directory > People.
- To view a user's profile page, click the user name.
- The User Account status may be reviewed under the account actions.
- The account status must show as "Active".
Example of a suspended account status.
If the account status is "Suspended", an Okta Administrator must activate the account by clicking the Activate button.
For more information on User account statuses, see the Okta manual chapter: About user account status.
Option 2: To resolve the error "Operation Failed - invalidToken" due to a mobile device being restored from backup:
1. If an enrollment exists in the Okta Verify app, delete the account. If not, move on to step 2.
   - iOS: Manage Okta Verify accounts on iOS devices
   - Android: Open App > Choose Account > Select Remove Account.
2. Uninstall the Okta Verify app from the device.
3. Delete the enrollment from the Okta account.
   - Detailed in the video for the article How to Reset Your Okta Verify Token.
4. Reboot the device.
5. Reinstall the Okta Verify app from the App Store / Play Store to ensure the latest version is installed.
   - iOS: Apple Store
   - Android: Google Store
6. Attempt to re-enroll the account in the Okta Verify app.
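The account-side checks in Options 1 and 2 (user status, existing Okta Verify enrollments) can also be read from the Okta Users and Factors APIs. The following is an added example, not Okta's own code: `okta_get` and `triage` are hypothetical helper names, the org URL and API token are supplied by the caller, and the sample responses are constructed.

```python
import json
import urllib.request

# Okta Verify enrollments appear in the Factors API with provider "OKTA".
OKTA_VERIFY_TYPES = {"push", "token:software:totp"}


def okta_get(org_url, api_token, path):
    """GET an Okta API path with an SSWS API token and return parsed JSON."""
    req = urllib.request.Request(
        org_url.rstrip("/") + path,
        headers={"Authorization": "SSWS " + api_token,
                 "Accept": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def triage(user, factors):
    """Map a user object and its factor list to the options in this article."""
    findings = []
    status = user.get("status", "UNKNOWN")
    if status != "ACTIVE":
        findings.append(f"Option 1: account status is {status}, not ACTIVE")
    for f in factors:
        if f.get("provider") == "OKTA" and f.get("factorType") in OKTA_VERIFY_TYPES:
            findings.append(
                f"Option 2: existing Okta Verify enrollment {f['id']} "
                f"({f['factorType']}, {f.get('status')}) is deleted in step 3"
            )
    if not findings:
        findings.append("No account-side cause found: try Option 3, then Option 5")
    return findings


# Constructed sample responses (not real org data), shaped like
# GET /api/v1/users/{id} and GET /api/v1/users/{id}/factors.
SAMPLE_USER = {"id": "00uEXAMPLE", "status": "SUSPENDED",
               "profile": {"login": "user@example.com"}}
SAMPLE_FACTORS = [
    {"id": "opfEXAMPLE", "factorType": "push", "provider": "OKTA", "status": "ACTIVE"},
    {"id": "smsEXAMPLE", "factorType": "sms", "provider": "OKTA", "status": "ACTIVE"},
]

if __name__ == "__main__":
    for line in triage(SAMPLE_USER, SAMPLE_FACTORS):
        print(line)
```

Against a live org, pass the results of `okta_get(org_url, token, "/api/v1/users/" + user_id)` and the same path with `/factors` appended to `triage`.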
Option 3: Clear Account History from Okta Verify App
When a user scans the QR code, the app still prompts with "Couldn't Add Your Account. Operation Failed - invalidToken".
Go into the phone's settings, then find the Okta Verify settings and choose the "Clear Account History" button. This will clear out the Okta app, and the user will be able to successfully add an account to the app.
Option 4: Due to Okta Verify application enrollment issues for iPhone 15 running iOS 17
Option 5: Report an Issue to Support
If the options above do not resolve the issue, please "Report an Issue" or submit an Okta Verify Log from a mobile device (iOS / Android) and open a ticket with Okta Support.
Related References
- Manage Okta Verify accounts on iOS devices
- Delete the Okta Verify app from an iOS device
- Delete the Okta Verify app from an Android device
- How to Reset Your Okta Verify Token
- Set up Okta Verify on your iOS device with a QR code
- Set up Okta Verify on your Android device with a QR code
- About user account status
