A failed authentication appears in the System Logs for a user attempting to access an application. The app sign-on policy is configured to allow access only from "Managed" devices. The device from which the user attempts to authenticate is expected to be managed, but the authentication fails. The following error message is present in the system logs:

Authentication of device via certificate FAILURE: NO_CERTIFICATE.

• Device Trust
• Multi-Factor Authentication (MFA)
• Devices
• Okta Identity Engine (OIE)

The user is still using an older version of the Okta Verify application, or the Classic device integration is still active in that tenant, and in situations where Okta Verify cannot be reached, the login flow will search for the classic certificate.

Troubleshooting steps to consider:

• Check the device status in Directory > Devices. Select the affected device to view its device management status.
• Check if the user is running an older Okta Verify version. Click on the Okta Verify icon in the system tray > About.
• Upgrade to the latest version of Okta Verify if necessary.
• Make a complete migration from Device Trust to Okta FastPass. To learn how to do so, please consult the Related References section of this article.
• If Desktop Device Trust was set up in the Classic Engine, verify it was also set up in OIE.

Related References

• Replace Desktop Device Trust with Okta FastPass
• After OIE upgrade - Certificate Prompt when Authenticating "Authentication of device via certificate - failure: NO_CERTIFICATE"
• Org Summary - Device Trust Desktop Registrations
• Migrate from Device Trust to Okta FastPass FAQ