This article provides a method to triage intermittent null Zero Trust Assessment (ZTA) scores from the CrowdStrike agent. These null scores can cause an Okta Device Assurance (ODA) policy to deny user access.
- Okta Integration Network (OIN)
- CrowdStrike Zero Trust Assessment (ZTA) Agent
- Okta Device Assurance (ODA) policy
This issue can occur when integrating ODA with an Endpoint Detection and Response (EDR) vendor, such as CrowdStrike. The problem often originates on the endpoint (the user's machine) during the syncing process between the CrowdStrike agent and Okta Verify.
The issue is confirmed by the following log entry, which shows an empty set of attributes. This log indicates that Okta attempted to retrieve the ZTA score but received no data, or the device was not recognized:
Device Integrator{"CROWDSTRIKE":{}}
An empty attribute set in this entry means Okta requested the CrowdStrike score but received nothing (or the device was not recognized), so the ODA policy correctly denies access.
The solution requires assessing the health of both the Falcon agent and the Okta Verify desktop application.
- Assess and review the Data File for both Windows and macOS, located at the following path: <OS_Path>\CrowdStrike\ZeroTrustAssessment\data.zta
- Follow the triage steps for the corresponding scenario:
  - Transient Score Loss
    - Verify if the Falcon Agent has any delay. The Falcon Sensor and ZTA service may take a few moments to stabilize and recalculate the score.
    - Check if the user attempted to sign in with Okta FastPass before the ZTA service updated the file.
    - Check if the machine has recently rebooted, as the agent may not be fully initialized.
  - Prolonged Score Loss
    - This scenario indicates the machine is likely offline or stale in CrowdStrike.
    - Check if the CrowdStrike plugin file is missing, corrupted, or pointing to the wrong file path.
    - Check if the ZTA service is running.
  - Score Loss
    - Re-enroll or re-register Okta Verify for the device. This action triggers the generation of a new CrowdStrike host ID.
    - Restart the machine to start the EDR and Okta Verify services again.
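
The file checks from the triage steps above can be scripted. The following is an added Python example, not Okta or CrowdStrike code: the function name, the two thresholds and the result labels are assumptions, and the sample files are constructed. Pass the real `data.zta` location for the endpoint, along with the failed sign-in time and last boot time as epoch seconds.

```python
import os
import tempfile
import time

# Assumed thresholds (not from the article): tune to your environment.
STALE_AFTER_SECONDS = 24 * 3600   # data.zta older than this is treated as stale
BOOT_GRACE_SECONDS = 300          # time allowed for sensor and ZTA service to settle


def triage_zta_file(path, signin_ts, boot_ts, now=None):
    """Map the state of data.zta at a denied sign-in to a triage scenario."""
    now = time.time() if now is None else now
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return "prolonged: data.zta missing or wrong path"
    if st.st_size == 0:
        return "prolonged: data.zta empty or corrupted"
    if st.st_mtime > signin_ts:
        # The file was written after the denied sign-in attempt.
        return "transient: sign-in preceded the ZTA file update"
    if signin_ts - boot_ts < BOOT_GRACE_SECONDS:
        return "transient: sign-in shortly after reboot"
    if now - st.st_mtime > STALE_AFTER_SECONDS:
        return "prolonged: data.zta stale, check the ZTA service"
    return "inconclusive: file looks current, re-enroll Okta Verify or restart"


def demo():
    """Run the triage over constructed files (sample data, not real ZTA output)."""
    now = 1_700_000_000.0
    signin, boot = now - 60, now - 7200
    with tempfile.TemporaryDirectory() as d:
        def make(name, content, mtime):
            p = os.path.join(d, name)
            with open(p, "wb") as f:
                f.write(content)
            os.utime(p, (mtime, mtime))  # force a known modification time
            return p
        paths = [
            os.path.join(d, "absent.zta"),                 # never created
            make("empty.zta", b"", now - 10),
            make("late.zta", b"constructed", now - 10),    # written after sign-in
            make("old.zta", b"constructed", now - 3 * 86400),
        ]
        return [triage_zta_file(p, signin, boot, now) for p in paths]


if __name__ == "__main__":
    for line in demo():
        print(line)
```
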
