Working with Okta Device Access Logs
Overview
Locating and reviewing Okta Device Access (ODA) logs helps troubleshoot authentication and synchronization issues. Okta Verify generates local log files on both Windows and macOS devices that capture detailed event data. Review these logs locally or through the Okta System Log to diagnose Desktop MFA and Desktop Password Sync errors.
Applies To
- Okta Identity Engine (OIE)
- Okta Device Access (ODA)
- Desktop MFA (DMFA)
- Desktop Password Sync
- Okta Verify
Solution
How does Okta display Device Access events in the System Log?
Access the Okta Admin Console and navigate to the System Log to search for Desktop MFA events and view detailed information about Multi-Factor Authentication (MFA) attempts and Single Sign-On (SSO) activity.
- Log in to the Okta Admin Console.
- Go to Reports > System Log.
- Search for "Desktop MFA" events to display events related to MFA attempts and SSO to the Desktop MFA application.
- Select an event and click it to view more information.
Locate local logs on a Windows system.
Navigate to the local application data folder on the impacted Windows machine to find the Desktop MFA log files.
- Local logs for DMFA reside at c:\windows\system32\config\systemprofile\appdata\local\okta device access\logs.
- The log files use the format OktaDeviceAccessLog<yyyymmdd>.txt.
Where do macOS Desktop MFA logs reside?
Access the local log directory on the impacted macOS device or run a terminal command with root access to collect the Desktop MFA logs.
- Find logs on the impacted device at /var/log/com.okta.deviceaccess/OktaDeviceAccess.log.
- Alternatively, run the following command from an account with root or sudo access to collect the logs:
sudo log collect --start "2023-09-18 12:00:00" --output /tmp && tar cvf /tmp/system_logs.logarchive.tar /tmp/system_logs.logarchive
- macOS stores the output at /tmp/system_logs.logarchive.tar.
Find macOS Desktop Password Sync logs for Okta Verify.
Navigate to the shared group containers directory on the macOS device to locate the Okta Verify authentication service extension logs.
- Find the OktaVerify.log file on the macOS device in the following location: ~/Library/Group\ Containers/B7F62B65BN.group.okta.macverify.shared/Logs.
- The filename uses the format com.okta.mobile.auth-service-extension <DATE TIME>.log. For example: com.okta.mobile.auth-service-extension 2025-05-8--15-14-12-038.log.
A failed metadata retrieval error in these logs usually indicates a typo in the Org URL or Client ID.
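When several log files are present, the filename formats above determine which one covers an incident. The following is an added example, not Okta's own tooling: it parses both the Windows and macOS filename formats and selects the files for a given time, and it sorts by parsed date because the unpadded day in names such as 2025-05-8 breaks alphabetical ordering. It assumes the time fields are HH-MM-SS-milliseconds in local time, that the Windows log is one file per day, and that a macOS file covers the period until the next file starts; the function names are hypothetical.

```python
import re
from datetime import datetime

# Filename formats documented on this page.
WIN_RE = re.compile(r"^OktaDeviceAccessLog(\d{4})(\d{2})(\d{2})\.txt$", re.I)
# Fields may be unpadded, as in the page's example "2025-05-8".
MAC_RE = re.compile(
    r"^com\.okta\.mobile\.auth-service-extension "
    r"(\d{4})-(\d{1,2})-(\d{1,2})--(\d{1,2})-(\d{1,2})-(\d{1,2})-(\d{1,3})\.log$"
)


def log_start(name):
    """Return the start time encoded in a log filename, or None if it is not a match."""
    try:
        m = WIN_RE.match(name)
        if m:
            return datetime(*map(int, m.groups()))
        m = MAC_RE.match(name)
        if m:
            y, mo, d, h, mi, s, ms = map(int, m.groups())
            # Assumption: trailing field is milliseconds, time is HH-MM-SS.
            return datetime(y, mo, d, h, mi, s, ms * 1000)
    except ValueError:  # e.g. month 13 in a renamed or corrupted file
        return None
    return None


def logs_for_incident(names, incident):
    """Select the files most likely to cover `incident` (a naive local datetime)."""
    dated = sorted((log_start(n), n) for n in names if log_start(n) is not None)
    # Assumption: Windows writes one file per day, so take the incident date's file.
    win = [n for t, n in dated if WIN_RE.match(n) and t.date() == incident.date()]
    # Assumption: a macOS file covers from its timestamp until the next file starts,
    # so take the latest file that started at or before the incident.
    mac = [n for t, n in dated if MAC_RE.match(n) and t <= incident]
    return win + mac[-1:]


if __name__ == "__main__":
    # Constructed sample names, not taken from a real device.
    sample = [
        "OktaDeviceAccessLog20250508.txt",
        "com.okta.mobile.auth-service-extension 2025-05-8--15-14-12-038.log",
        "com.okta.mobile.auth-service-extension 2025-05-10--09-00-00-000.log",
    ]
    print(logs_for_incident(sample, datetime(2025, 5, 8, 16, 0)))
```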
How does the terminal collect AppSSO Agent logs for macOS Desktop Password Sync?
Enable debug logging and reproduce the issue to generate AppSSO Agent logs that can diagnose errors during registration or password synchronization.
- Enable debug logging by running the following command:
sudo log config --mode "level:debug,persist:debug" --subsystem com.apple.AppSSO
- Reproduce the issue with Desktop Password Sync.
- Execute the following command within five minutes of reproducing the issue to generate a file called AppSSOAgent.txt:
log show --last 5m | grep -i AppSSOAgent > AppSSOAgent.txt
- Reset the logging to normal by running the following command:
sudo log config --subsystem com.apple.AppSSO --reset
Collect Platform SSO registration logs from the Setup Assistant screen
Open the terminal during the Setup Assistant screen to stream and collect Platform SSO (PSSO) logs for troubleshooting registration errors.
- Press Control+Option+Command+T to open the terminal before reaching the screen that experiences the error.
- Use the terminal to stream the various logs related to the process to local files.
- Run the following command to collect AppSSO logs:
log stream --predicate 'subsystem == "com.apple.AppSSO"' --debug | tee ~/sso_logs.log
- Run the following command to collect Okta Verify logs for PSSO:
log stream --predicate '(eventMessage CONTAINS[c] "okta")' --debug | tee ~/oktaverify.log
- Press Control+C in the terminal to stop log streaming once the issue replicates.
- View the logs in the terminal or launch Finder to review the generated files.
