MatthewH.10249 (State of Iowa) asked a question.
I have a pretty reputable/knowledgeable user (lead developer) that was having issues with his AD account being locked on a VM. He did not know his account was locked and when he went to login elsewhere he would get prompted by Okta Verify to provide his biometrics like normal but could not get past the biometrics. It was not until he would get the account unlocked that he could get past biometrics. During initial evaluation before he found out what was locking his account he had wondered if the biometrics could lock his account. I could not find any documentation to back that claim up and was later debunked but at that time he disabled his biometrics using the following information but even after restarting Okta Verify and his Android phone he continues to get a biometric prompt for Okta Verify.
https://help.okta.com/eu/en-us/Content/Topics/end-user/ov-config-biometrics-android.htm*Disable
My two question to the Community are:
- Is there any documentation like a knowledge base article that talks about how a locked account will impact Okta Verify biometrics?
- If a user disabled biometrics in Okta Verify but continues to get prompted for biometrics what can be done other than uninstalling and reinstalling Okta Verify?
Thanks and I hope you are having a great day!
Hi, @MatthewH.10249 (State of Iowa)
Thank you for posting on our Community page!
In my opinion, the best solution would be to un-enrol and re-enrol.
Basically, you need to remove the account and the device and re-enrol them.
There are two steps to remove:
1. In Okta Verify app, go the "Account details", then click on "Remove account" under "Manage account". You will again see the verify popup followed by the "Verify your identity", but then the delete should be successful.
2. Go to your End User Dashboard to remove your Okta Verify enrollment for this phone. To go to End User Dashboard, sign in with yourcompany.okta.com as you usually would, then go to Settings. Scroll down to Extra Verification or Security Methods section. find Okta Verify, and find your device. You should see a "Remove" button next to it. Click that to complete the removal of this account. NOTE: it is OK if you see the "Sync biometric" notification again from OV when you respond to push. You'll just have to use your password or the code sent to your phone SMS to complete the sign in also (depending on what other than Okta Verify you have set up).
Once "Remove" is complete, you should re-enroll RIGHT AWAY. Click the "Set up" or "Set up another" button next to Okta Verify. Follow the steps to get a QR code, and enroll.
For clarity, even if you remove biometrics from the device settings, if they are asked for by the authentication policies, OV will keep asking for them.
Thank you for reaching out to our Community and have a great day!
_____________________________________________________________________________
Watch and Learn: New Okta how-to videos, plus what's new this month in the May newsletter.
_____________________________________________________________________________
Community members help others by clicking Like or Select as Best on responses. Try it today.
_____________________________________________________________________________