<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D54z0000A1CxCiCQKOkta Classic EngineOkta VerifyAnswered2024-02-26T15:31:18.000Z2024-02-21T18:51:07.000Z2024-02-26T15:31:18.000Z

IgorM.58984 (Customer) asked a question.

February 21, 2024 at 6:51 PM
User is not fall under manage/registered rules from time to time

We frequently use authentication policies that come with registered and managed rules. Moreover, we have integrated Crowdstrike to check our devices. However, I have noticed that sometimes, certain users are not being subjected to these rules, even though they are using the same machine and application. I can see that Crowdstrike is detecting the event, but the user is still not falling under the rules. Here's an example of logs like that:

device▼{

id:null,

name:null,

os_platform:null,

os_version:null,

managed:null,

registered:null,

device_integrator:"{\"CROWDSTRIKE\":{\"os\":93,\"overall\":98,\"sensorConfig\":100}}",

disk_encryption_type:null,

screen_lock_type:null,

jailbreak:null,

secure_hardware_present:null

},

 

As you may see, Okta Verify does not provide part of the device context.

 

Here is an example of a healthy log for the same user, same app, and same machine:

device▼{

id:"guo1033v430RDJ8O00x8",

name:"Mac14,9",

os_platform:"OSX",

os_version:"14.3.1",

managed:true,

registered:true,

device_integrator:"{\"CROWDSTRIKE\":{\"os\":93,\"overall\":98,\"sensorConfig\":100}}",

disk_encryption_type:"ALL_INTERNAL_VOLUMES",

screen_lock_type:"BIOMETRIC",

jailbreak:null,

secure_hardware_present:true

},

 

All information provided and user falls under the registered/managed rule.

We didn't change the laptop configuration or alter the OV configuration.

 

Could you please help me understand why this is happening and how to fix it? Is it something well-known? Maybe someone else had faced this issue too?

  • 3 answers
  • 339 views

  • Paul S. (Okta, Inc.)

    Hello @IgorM.58984 (Customer)​ Thank you for reacting out to our Community!

     

    Is the user doing anything different when signing in? Could the user be using something else that he would fall under a different policy?

    Have you also reviewed the system log to understand what could be different for this user?

     

    Community members help others by clicking Like or Select as Best on responses. Try it today.

     

    Earn Today: New Okta Community Badges Have Arrived

     

    Ask the experts about Okta Privileged Access 

    Expand Post

  • IgorM.58984 (Customer)

    Hi, Paul! Nope, they follow the same process. Same app, same machine, same network location, same behavior. The person literally sits in the same workplace and one time they get a "managed:null", in an hour or so they get a "managed:true". This looks as OV is not sending part of the device context or something. Or it is not adequately tracked on the back-end because, as you may see, we are always getting CrowdStrike scoring back.

    Expand Post

    • Paul S. (Okta, Inc.)

      Hello @IgorM.58984 (Customer)​  I would recommend to Open a case with Support to further troubleshoot this matter.

This question is closed.
Loading
User is not fall under manage/registered rules from time to time