<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D5KZ00001NP63G0ATOkta Classic EngineMulti-Factor AuthenticationAnswered2025-09-30T15:57:30.000Z2025-09-16T16:57:17.000Z2025-09-30T15:57:30.000Z

SatoS.21262 (Customer) asked a question.

September 16, 2025 at 4:57 PM
MFA not working when logging into Vault for many users

Several users are not able to login to vault with the Okta authentication method. MFA was enabled recently, and users see a messsage that says "To finish signing in, you will need to complete an additional MFA step."

They never get a push notification or anything to their mobile devices where they are signed into Okta Verify, and after a minute or two it shows a 504 Gateway Time-out error.

Some iOs users have been able to resolve this by uninstalling Okta Verify and reinstalling it, but some android users have had no such luck.

 

Has anyone else seen this? Has anything worked for you to fix it?

  • 3 answers
  • 203 views

  • Mihai Negoita - Okta (Okta, Inc.)

    Hi @SatoS.21262 (Customer)​ , Thank you for reaching out to the Okta Community! 

     

    As of now I have not seen similar reports of issues with MFA authentication for Vault.  

    If the authentication works for all other apps except for that, I would start by reviewing the Authentication Policies configured for it and confirming they indeed apply for the affected users. 

    You can check this by sampling the events in the Okta System Logs for specific users to find what explicit policy is being hit when they attempt it.  

    I also recommend having the users go through or working with the users to go through the most common troubleshooting steps for this kind of situation.  

    If you exhausted the troubleshooting steps and continue to experience issues, please open a case with the Okta Support team to work with them to get to the bottom of things. 

     

     

    If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you. 

     

    Hope my answer helps! 

     

    --

    Help others in the community by liking or hitting Select as Best if this response helped you.

    Collect them all. Learn a new skill and earn a new Okta Learning badge.

    Just released: More Okta Community badges just added

    Join the discussion for our Ask Me Anything on September 29, 2025: Device Assurance. Ask our expert questions.

    Expand Post
    Selected as Best

  • BrandonB.06003 (Customer)

    Hard to tell but im guessing something may be wrong with the app authentication policy. its possible it requires a factor that users arent able to enroll in via the enrollment policy. make sure the enrollment policy for authenticators aligns with the required factors in the app signon policy

  • SatoS.21262 (Customer)

    The root cause was the users who were experiencing issues had multiple devices set up for MFA, and the MFA alert was going to one of their other devices than the one they had expected.

    The fix was removing the other devices and leaving just a single device for MFA.

This question is closed.
Loading
MFA not working when logging into Vault for many users