Overview
This article highlights the scripts run by Windows Okta Verify upon installation and uninstallation.
Please refer to Microsoft’s documentation of the PowerShell execution policy for background information.
Applies To
- Windows Okta Verify
- Multi-Factor Authentication (MFA)
Solution
Windows Okta Verify runs several PowerShell scripts during installation and uninstallation. In version 5.1.3, the process-level execution policy for these scripts is set to Unrestricted. Because the process-level execution policy overrides the local machine and current user execution policies, Okta Verify can run its scripts on installation and uninstallation even in environments where the local machine execution policy is restrictive.
However, the process-level execution policy will be overridden by a GPO-defined user or machine policy. Therefore, if setting the execution policy via GPO, certain actions must be taken to ensure that Okta Verify can execute its scripts.
| Execution Policy Set via GPO | Execution Policy Scope | Required Action to allow Okta Verify to run scripts |
|---|---|---|
| | User or machine | Trust Okta Verify’s code signing certificate as a trusted publisher (link below). |
| | User or machine | No action is needed. Okta Verify’s scripts are treated as local and exempted from the signing enforcement. |
| | User or machine | This will block all scripts from running, including those used by Okta Verify. Therefore, this execution policy will prevent the proper installation and uninstallation of Okta Verify. |
| | User or machine | No action is needed. |
- Download and extract the attached certificates.zip folder to find two certificate files.
- Users installing or upgrading to Windows Okta Verify 5.8.1 or higher must use the new certificate included in the folder (code_signing_cert_02_2028.crt).
- Previous versions of Windows Okta Verify (below 5.8.1) will continue to function with the original certificate (code_signing_cert.cer).
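
A pre-deployment check of whether a GPO-defined execution policy is in effect on a machine and, where that policy requires signed scripts, whether the Okta Verify certificate is already in a Trusted Publishers store. This is an added example, not Okta's code; the extraction path in `$CertPath` is an assumption, and the policy names `AllSigned` and `Restricted` come from Microsoft's execution policy documentation rather than from this article.

```powershell
# Added example, not Okta's code. $CertPath is an assumed extraction location.
param(
    [string]$CertPath = '.\certificates\code_signing_cert_02_2028.crt'
)

# All scopes in precedence order: MachinePolicy, UserPolicy, Process,
# CurrentUser, LocalMachine.
$policies = Get-ExecutionPolicy -List
$policies | Format-Table Scope, ExecutionPolicy -AutoSize | Out-String | Write-Host

# Only the two GPO scopes override the process-level policy set by the installer.
# MachinePolicy is listed first, so the first defined entry is the one that wins.
$gpo = $policies |
    Where-Object { ("$($_.Scope)" -in 'MachinePolicy', 'UserPolicy') -and
                   ("$($_.ExecutionPolicy)" -ne 'Undefined') } |
    Select-Object -First 1

if (-not $gpo) {
    'No GPO-defined execution policy; the process-level policy applies.'
}
elseif ("$($gpo.ExecutionPolicy)" -eq 'AllSigned') {
    # AllSigned (Microsoft's policy name): scripts must be signed by a trusted publisher.
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
        (Resolve-Path -LiteralPath $CertPath).Path)
    $trusted = Get-ChildItem Cert:\LocalMachine\TrustedPublisher, Cert:\CurrentUser\TrustedPublisher |
        Where-Object { $_.Thumbprint -eq $cert.Thumbprint }
    if ($trusted) {
        "AllSigned via $($gpo.Scope): $($cert.Subject) is already a trusted publisher."
    }
    else {
        Write-Warning "AllSigned via $($gpo.Scope): $($cert.Thumbprint) is not in a TrustedPublisher store."
    }
}
elseif ("$($gpo.ExecutionPolicy)" -eq 'Restricted') {
    # Restricted (Microsoft's policy name): no script files are allowed to run.
    Write-Warning "Restricted via $($gpo.Scope): Okta Verify's scripts will be blocked."
}
else {
    "GPO policy $($gpo.ExecutionPolicy) via $($gpo.Scope): see the table for the required action."
}
```

Run it in the same user context that will perform the installation, since `UserPolicy` and the `CurrentUser` certificate store are per-user.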
