This article provides steps to resolve multiple sign-in issues that can occur when using macOS Desktop Multi-Factor Authentication (MFA).
- Okta Device Access (ODA)
- Desktop MFA
- Okta Identity Engine (OIE)
The documentation below helps troubleshoot various sign-in issues with macOS Desktop MFA.
Method 1: Okta Verify Push Fails Immediately
- If the push fails immediately with an error message that the push notification has expired or the user declined, the issue is most likely that the user is not assigned to the Desktop MFA app or that the user's push is not configured properly in the org.
- Ensure that the app assignment and the configuration profile for Desktop MFA are configured with the correct values.
Method 2: Okta Verify Code Fails with the following error
- Ensure the user is using the Okta Verify code from the account with their org URL.
- If the code is correct, verify that the Desktop MFA app is assigned to the user.
- Okta System logs should show FAILURE : user_not_assigned if the user is not assigned to the Desktop MFA app.
Method 3: Device Access Code Incorrect
If this is failing with the message that the code is incorrect:
- Ensure the user enters the code from the Okta Verify (OV) account labeled “Device access code” together with the device name or serial number, and not the code from the account with their org URL.
- Verify that the user’s computer time is correct. The code is time-based, so it only works while the computer’s clock is in sync with the clock on the user’s phone. The clock can drift if the user changes it manually, or if it is skewed for reasons like the computer being drained of power and brought back up offline.
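The clock dependency described above can be reproduced with a generic time-based one-time code. This is an added example, not Okta's code: it assumes standard RFC 6238 parameters (HMAC-SHA1, 30-second step, 6 digits) and a one-step acceptance window, none of which the article states for Desktop MFA, and the secret and timestamp are constructed sample values.

```python
import hashlib
import hmac
import struct

STEP = 30    # assumed time step in seconds (RFC 6238 default)
DIGITS = 6   # assumed code length


def totp(secret: bytes, unix_time: int, step: int = STEP, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP with HMAC-SHA1: the code depends only on secret and clock."""
    counter = int(unix_time) // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, code: str, verifier_time: int, window: int = 1) -> bool:
    """Accept the code if it matches any step within +/- window of the verifier's clock."""
    return any(
        hmac.compare_digest(totp(secret, verifier_time + drift * STEP), code)
        for drift in range(-window, window + 1)
    )


def skew_report(secret, phone_time, skews, window=1):
    """Map each clock skew (seconds, Mac minus phone) to whether the phone's code is accepted."""
    code = totp(secret, phone_time)
    return {skew: verify(secret, code, phone_time + skew, window) for skew in skews}


if __name__ == "__main__":
    secret = b"12345678901234567890"   # constructed sample secret (RFC 6238 test key)
    phone_time = 1111111109            # constructed sample timestamp
    for skew, ok in skew_report(secret, phone_time, [0, 20, 300, 3600]).items():
        print(f"Mac clock off by {skew:>5}s -> code {'accepted' if ok else 'rejected'}")
```

A skew smaller than the acceptance window is tolerated; once the Mac's clock is off by more than that, a code that is correct on the phone no longer matches any step the Mac will check.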
Method 4: Device Access Key Error
The user may see the following error even though they have keys under their org’s Settings > Security Methods > Security Key or Biometric Authenticator:
Device access key
You don't have any keys set up.
Set up a Security Key on your Okta Dashboard or contact your admin for help.
- It is likely that the keys they have are not supported by Desktop MFA (for example, TouchID).
or
- The user attempted to click on the Device access key too many times, exceeding the API rate limit. This issue can be remedied by trying again after a minute.
If the user encounters the following error, even if they have keys connected to the computer’s USB port, it is likely that the key is not being detected due to USB restriction mode on macOS.
Device access key
Insert a key into your Mac's USB slot.
The key must be allowed to connect after logging in so that it can be used for Desktop MFA (DMFA) next time.
