<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
PowerShell Script Signing Certificate Update in Okta Verify for Windows
Oct 23, 2025
Multi-Factor Authentication

Overview

Due to the upcoming expiration of our previous code signing certificate, an upgrade to v5.6.6 or higher is required to avoid disruption to auto update workflows. In addition, Okta has updated the certificate used to sign PowerShell scripts. If using the "Allsigned" Group policy and deploying Okta Verify v5.8.1 or higher, be sure to deploy the updated certificate.

Audience

  • Customers who use Okta Verify for Windows

Impact Dates:  

  • Customers who use Okta Verify Windows and are on a version older than v5.6.6
    • DATE TBD - v5.9.x release date is TBD
  • Customers who use the “AllSigned” Group Policy
    • April 23, 2025 - Early Access (EA) - Okta Verify v5.8.1
    • May 6, 2025 - General Availability (GA) Production - Okta Verify v5.8.1

 

Solution

Windows Okta Verify runs several PowerShell scripts during installation and uninstallation. In version 5.1.3, the process-level execution policy for these scripts is set to Unrestricted. This allows Okta Verify scripts to run, even in environments where the local machine execution policy is restrictive. Since the process-level execution policy overrides the local machine or current user execution policies, this allows Okta Verify to execute its scripts on installation and uninstallation.

 

However, the process-level execution policy will be overridden by a GPO-defined user or machine policy. Therefore, if setting the execution policy via GPO, certain actions must be taken to ensure that Okta Verify can execute its scripts.

 

Required Actions 

Due to the upcoming expiration of our previous code signing certificate, customers who are on Okta Verify Windows v5.6.5 or lower need to upgrade to v5.6.6 or higher to avoid disruption to auto update workflows. While we don’t have a set date, please take action as soon as possible to avoid any disruption in service in the future.

 

In addition, Okta has updated the certificate used to sign PowerShell scripts. For the small subset of customers using the "Allsigned" Group policy and who have deployed Okta Verify Windows v5.8.1 or higher, be sure to deploy the updated certificate as outlined in this KB article. If you do not take action by May 6, 2025, your installs may fail. 

 

Additional Support 

If you have any questions, please reach out to your Okta representative or use our multiple support resources in the Okta Support Center

Recommended content

Still looking for help?
Loading
PowerShell Script Signing Certificate Update in Okta Verify for Windows