The user got the following error in response to Okta Verify Push during the authentication after the Okta Identity Engine (OIE) upgrade:
Enable biometrics in Okta Verify.
Your response was received, but your organization requires biometrics. Make sure you meet the following requirements, then try again:
- Your device supports biometrics
- Okta Verify is up-to-date
- In Okta Verify, biometrics are enabled for your account
- Okta Identity Engine (OIE)
- OIE upgrade
- Okta Verify
- iOS/Android
This is caused by the User Verification setting in Okta Admin Console (under Security > Authenticators > Okta Verify > User Verification) being set to Required or Required with biometrics only instead of Preferred after the OIE upgrade.
Okta Admins can set the User Verification to Preferred, and enable user verification at the relevant authentication policies if desired.
Also, the Okta Admin can guide the End user to follow the steps below to upgrade the enrollment to OIE. Once all users are done, the Okta Admin can flip the User Verification back to Required:
- Okta Verify app has an in-app feature that detects if an enrollment was made on Classic and that the org is now on OIE.
- The Account details screen will show a Set up button under Ways to sign in > Okta FastPass.
- If the user clicks on the Set up button and follows the instructions to authenticate, they will enroll in OIE, and that will replace the v1 enrollment.
