<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D54z00007cAFXwCAOOkta Classic EngineMulti-Factor AuthenticationAnswered2024-04-16T10:32:32.000Z2022-05-03T15:26:59.000Z2022-05-04T16:32:07.000Z

1skr7 (1skr7) asked a question.

May 3, 2022 at 3:26 PM
Google Authenticator Not working in Production, but working on Okta Preview

Hello,

 

 

ISSUE:

 

 When signing up in production, we get Okta verify MFA and not google for the group mentioned below (PORTAL_GOOGLEAUTH), but this works fine for Okta staging(Okta Preview) and we get "Google Authenticator" MFA in Okta Preview.

 

 

 

Details:

 

 

We have been trying to implement “Google Authenticator” option. We got it working on staging(Okta Preview) but not in production. What we have implemented is broken down in 3 steps.

 

 

 

  1.    Created a new group “PORTAL_GOOGLEAUTH”.
  2.    Created “MFAEXCEPTION_GOOGLEAUTH” rules which lets us add tenants (tenants for which we want to enable to “Google Authenticator” ) to group “PORTAL_GOOGLEAUTH” (mentioned above) so that “Google Authenticator” is enabled for certain tenants/clients only.
  3.    Added policy to use “Google Authenticator” for the “PORTAL_GOOGLEAUTH” (group).

 

 

 

Below is the Policy screenshot for Staging(Okta Preview):

 

 

Image is not available

 

 

   Below is the Policy screenshot for Production with same configuration as of Staging:

 

Image is not available

 

              We can see above both policies are same on Staging and Production, but only staging seems to be working.

Conclusion:

 

              Based on our understanding of Okta, Staging seems to be working as it should according to rules and policies that we have added to staging. However, production doesn’t seem to be working as it should be according to those rules and policies same as Staging.

 

  • 2 answers
  • 515 views

  • flaviu.vrinceanu1.5628408972654734E12 (Customer Success Service Delivery)

    Hi @1skr7 (1skr7)​,

     

    Thank you for posting on the Okta community page!

     

    I would look over the system logs to see if the account used for testing is being evaluated by the new policy created. If it's not, I would look over the configurations to make sure that the test user is meeting all requirements.

     

    I saw in the screenshots that in the rule of the enrolment policy, you have the option "User is accessing" set to "Specific application" therefore you should make sure that the test user accesses the application and is being redirected to Okta for authentication in case you did not select Okta as well in the configuration.

     

    Another idea that comes to my mind, would be to reset a test user's MFA and try to perform the enrolment again.

     

    I hope the above information is helpful!

    Expand Post

  • 33k3w (33k3w)

    @flaviu.vrinceanu1.5628408972654734E12 (Customer Success Service Delivery)​ 

     

    Thank you for your response.

     

    You are right about not selecting the Okta in production, but the important thing to note here is "Okta" is not even selected in the "Okta Preview" as well but it seems to be working fine.

    Expand Post
This question is closed.
Loading
Google Authenticator Not working in Production, but working on Okta Preview