JakobsenR.45066 (Customer) asked a question.
Using OIE, users have started to enrol multiple Okta Verify Push devices, which is causing issues with a MFA integration we are using.
We have a backend service, that uses the /authn endpoint to authenticate users before allowing them to use it, that completes the login process, including MFA.
The issue is that with users with multiple MFA devices enrolled, only the oldest receive the MFA notification (in the portal all devices receives it). The scenario is user A, has two devices phone A and B configured (A enrolled first). When they login they receive the MFA notification on Phone A, but not phone B.
We tested that we can get the list of factors, and reverse the order, such that phone B receives it (and not phone A), but it is not possible to get the multiple MFA verify requests to work.
Is there any solution to this?
https://developer.okta.com/docs/reference/api/authn/*idp-initiated-step-up-authentication
https://developer.okta.com/docs/reference/api/authn/*verify-push-factor
Hello @JakobsenR.45066 (Customer) Thank you for posting on our Community page!
I have done a test on my end and the MFA work fine on 2 phones with only 1 account. I was not able to find any documentation on this particular issue. As such I would recommend to open a case with Support to further investigate this matter and see what could cause this behaviour.
Thank you for reaching out to our Community and have a great day!
--
Help others in the community by liking or hitting Select as Best if this response helped you.