Passkey Registration/Authentication Fails on iOS When Relying Party ID in Okta Is Set to a Root Domain
Okta Identity Engine
SDKs & Libraries
Overview

Passkey registration and authentication fail on iOS devices when the WebAuthn/FIDO authenticator is configured with a custom Relying Party (RP) ID set to a root domain. The error message is:

 

Origin parameter in client data doesn't match. clientData origin was https://{Root_Domain}

 

Applies To
  • Okta Identity Engine (OIE)
  • WebAuthn / Passkeys
  • iOS Native Authentication
Cause

The Root Domain used as the RP ID isn't set as a Trusted Origin in the Okta Org.

Solution

After successfully completing the documented steps to set a custom RP ID value, an additional step is required: adding the Root Domain as a trusted origin to the Okta Org, if it is not already present.

  1. In the Okta Admin Console, navigate to Security > API > Trusted Origins.
  2. Add an entry for the Root Domain for CORS.

Trusted Domain CORS
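The origin check behind this error can be illustrated with a short relying-party-side sketch. This is an added example, not Okta's implementation: the domains `example.com` and `login.example.com`, the challenge value, and the function names are all hypothetical. It shows that an origin can be valid for the RP ID and still be rejected until it is added to the trusted-origin list.

```python
import base64
import json
from urllib.parse import urlsplit


def b64url_decode(data: str) -> bytes:
    # WebAuthn values are unpadded base64url; restore padding before decoding.
    return base64.urlsafe_b64decode(data + "=" * (-len(data) % 4))


def make_client_data(origin: str, challenge: str, ceremony: str) -> str:
    # Constructed sample of the clientDataJSON an authenticator client sends.
    raw = json.dumps({"type": ceremony, "challenge": challenge, "origin": origin})
    return base64.urlsafe_b64encode(raw.encode()).rstrip(b"=").decode()


def check_client_data(client_data_b64, expected_type, expected_challenge,
                      rp_id, trusted_origins):
    """Return (ok, reason) for the clientDataJSON checks a relying party makes."""
    client_data = json.loads(b64url_decode(client_data_b64))
    if client_data.get("type") != expected_type:
        return False, "unexpected ceremony type"
    if client_data.get("challenge") != expected_challenge:
        return False, "challenge mismatch"
    origin = client_data.get("origin", "")
    parts = urlsplit(origin)
    host = parts.hostname or ""
    # The RP ID must equal the origin's host or be a parent domain of it.
    if parts.scheme != "https" or not (host == rp_id or host.endswith("." + rp_id)):
        return False, "origin outside RP ID scope"
    # Exact match against the allow list: trusting a subdomain does not
    # implicitly trust the root domain, which is the failure on this page.
    if origin not in trusted_origins:
        return False, "origin not trusted: " + origin
    return True, "ok"


# Hypothetical values for illustration only.
RP_ID = "example.com"
CHALLENGE = "c2FtcGxlLWNoYWxsZW5nZQ"
ROOT_ORIGIN = "https://example.com"          # origin reported in the error above
BEFORE_FIX = {"https://login.example.com"}   # root domain missing
AFTER_FIX = BEFORE_FIX | {ROOT_ORIGIN}       # root domain added as trusted origin

if __name__ == "__main__":
    data = make_client_data(ROOT_ORIGIN, CHALLENGE, "webauthn.create")
    for label, origins in (("before", BEFORE_FIX), ("after", AFTER_FIX)):
        print(label, check_client_data(data, "webauthn.create", CHALLENGE, RP_ID, origins))
```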

 
