
RobertS.80222 (Customer) asked a question.
I have followed all the steps in the "Enable Desktop MFA recovery for Windows" documentation https://help.okta.com/oie/en-us/content/topics/oda/windows-mfa/desktop-mfa-recovery-win.htm
I have enrolled the device in Intune, applied the SCEP policy and see the successful installation of the cert on the device. The device is Managed and Registered in OKTA. Even though I am using a Super Admin account, I went ahead and created a specific Role for managing devices and applied it to my account.
However, whenever I go to generate the Recovery PIN, I get an error:
Cannot generate PIN
The device must have been online recently and have SCEP configured correctly.
- Check that SCEP is configured correctly
- Try to bring the device back online
I am accessing the OKTA portal from that device and all of the apps I have assigned without an issue, the Desktop MFA works for authentication on and offline, and there are no errors in the Okta Device Access logs in Event Viewer.

Hello @RobertS.80222 (Customer), thank you for contacting Okta Community!
This issue seems too complex to be addressed here. I recommend that you open a Support ticket (Customer Support Account ID number required) so one of our engineers can analyze it and provide in-depth troubleshooting. You could also provide more details in a ticket that shouldn’t be given here, as this is a public space.
You could also check this article for some generalized troubleshooting tips:
Troubleshooting Desktop MFA for Windows
Please note that opening a support ticket is a feature available only to paid accounts. If you do not have a paid account, but are interested in upgrading, you can contact our Sales team.
Regards.
--
Help others in the community by liking or hitting Select as Best if this response helped you.