ScottS.89055 (Customer) asked a question.
We are having trouble where Okta user preferences are not remembered when using the Workday mobile app.
We have implemented SAML authentication for Workday. The authentication works as expected for Workday via web browser and Okta user preferences are remembered for that use case; however, we are having trouble with the Workday mobile app.
Every time the mobile app is launched, the user is prompted for authentication via Okta and when this occurs it does not remember the user's Okta preferences.
For example, our authentication policy for Workday requires MFA only once every 30 days from a unique device; however, even if you check the box "Do not challenge me on this device for the next 30 days", it will prompt for the second auth factor every time. Additionally, if using the Okta Verify app for the second factor, checking the box "Send push automatically" is not remembered.
This occurs on both Android and iOS.
This obviously creates a terrible UX and we're looking for options to fix it.
Hi there! Apologies for the lack of response to your question. Going forward, we're implementing a new process to ensure that all Discussions receive a response from either another Community member or from the Okta Support team within 7 days of posting. Thank you for your patience while we put this into action!
I know this question is a bit old now, but If you’re still looking for information or help I’d recommend reaching out to the fine folks in the Admin Pro Tips group to see if anyone there can help: https://support.okta.com/help/s/group/0F90Z000000EK23SAG/admin-pro-tips
Thanks 🙂
Hi, Was this question ever answered somewhere? I am running into the same issue with the Workday App.
For example, our authentication policy for in Okta Workday requires MFA only once every 30 days from a unique device; however, even if you check the box "Do not challenge me on this device for the next 30 days", it will prompt for the second auth factor every time. Any help would be appreciated.
@DoloresD.49976 (Customer) , I believe the issue is that the Workday mobile app doesn't store cookies for the SAML login web viewer. We solved the issue by changing settings in Workday itself so that users perform initial login to the mobile app via the Okta SAML login flow but after that they use their phone's local authentication - e.g. Apple Face ID - when accessing the app on subsequent visits.
By doing this, Workday mobile users rarely see the Okta login prompt when accessing Workday.
I appreciate you taking the time to respond. I will try your solution.
Thanks,
Dolores
Hi Scott,
Thanks for this post.
We enabled the mobile biometric authentication in Sandbox for testing and it works correctly without the OKTA SAML, but when we attempt to do this production it does not recognize this option. Is there a setting we are missing in Workday?
When looking at the application settings for login security the biometric option is disabled for the production app, unlike sandbox where it is enabled.
Regards
Phil