zikp4 (zikp4) asked a question.
FIDO key AUTH
I added FIDO auth as an option in Admin console (Okta verify is required, FIDO is optional), I have a user who has no authenticators to reset, when she login to okta and is only asked to Auth with Okta Verify, fido does not list as an option for this user, I have seen it list for other users, this user does not have a mobile device either, so fido or okta verify on browser. \why wont this populate for her as an option.. browser is chrome, updated and windows is updated.
Hi @zikp4 (zikp4) , Thank you for reaching out to the Okta Community!
Please take a look a the following article see if this applies to your use case:
https://support.okta.com/help/s/article/What-admin-permissions-are-required-to-enroll-FIDO2-security-key-on-behalf-of-user?language=en_US
If that is not it, I recommend reviewing the requirements mentioned here and compare them with the user’s login flow/environment.
https://help.okta.com/oie/en-us/content/topics/identity-engine/authenticators/configure-webauthn.htm
https://help.okta.com/oie/en-us/content/topics/security/mfa/webauthn-compatibility.htm
Also make sure the user falls under the appropriate enrollment/authentication policies. For example if you rolled this out in batches to certain user group(s), make sure the user is member of the group(s).
If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you.
Hope my answer helps!
--------------------------------
Earn Today: New Okta Community Badges Have Arrived