JamesA.65802 (Customer) asked a question.
Extreme slowness using Desktop MFA Login with OKTA Verify
We are trying to get more information on people have problems with OKTA Verify and Desktop MFA Slowness. We are having 30+ second wait times for it to prompt for a factor when logging in. We are trying to correlate this slowness, OKTA support was unable to find anything conclusive.
Is anyone else experiencing this? The only correlative data we can find is that when users are on-premise or disconnected from their VPN software, it is speedy. But if they are connected to VPN at all, unlocking their computer takes 20-30 seconds before prompting for an MFA code and it is untenable.
Hi, @JamesA.65802 (Customer)
Thank you for posting on our Community page!
As my colleague on the Support case said, we have checked the logs and there is nothing that could indicate anything abnormal.
VPN connections usually slow down the authentication for any app and off-premise I suspect it could be network-related.
I will leave this question open for other Community users to chime in if they have seen this phenomenon as well and will revert if we see this in other cases.
Thank you for reaching out to our Community and have a great day!
--
Help others in the community by liking or hitting Select as Best if this response helped you.
Thanks - I am hoping to garner additional information if other customers are having the same problem. The way the support case was handled was not satisfactory, as OKTA is unable to provide specific information for us to work on troubleshooting (endpoints involved, etc.) for the communication flow for Desktop MFA. We're left shooting in the dark to figure out the problem for ourselves. Not the best experience.
James, we are experiencing the same issue with DMFA on devices connected via VPN. I've confirmed that these users have more than adequate internet connections (200 mbps+) and otherwise have no other issues. On these same devices, DMFA latency is not an issue when connecting via the corporate LAN. The only variable we have been able to isolate is the VPN issue. The strange thing is that we limit VPN traffic to only destinations on the LAN subnet. I would think the Okta challenge is calling directly to the web so it shouldn't be traversing the VPN at all.
A workaround we have found is to have the user disconnect from all networks (i.e. ensure they do not have any connection to the internet), have them sign in and use the Offline Passcode at the DMFA challenge, then have them connect to the internet once they are at their desktop. This is a clunky workaround and not something we are going to lean on long-term.
Thanks! This mirrors exactly our experience. Corporate lan is zero issue, and neither is pre-vpn login. However as soon as we connect eo either of our VPN options, authentication grinds to a hault.
OKTA support confirmed that the logs show that a delay of 30s is not normal, but because the authentication flow completes successfully they dont see "an error" and won't help look into it at all.
They were also unable to provide any whitelisting guidance or preferred routing for us to setup.. So we are kind of twiddling our thumbs over here.
Would like to roll this out to the organization but the pitchforks will come out quick if we try to with this slowness.
Hi all!
I am with the Product Team for Okta Device Access. We have a build that we think should fix this issue - would you be open to testing it out? @PantoC.27307 (Customer) @JamesA.65802 (Customer)
My email is jason.wong@okta.com.
Jason
Yep! i will email you!
Yes. I will email you.
Hello, what was the resolution for this? I am having same problem.