Some notes on why the “Okta Credential Provider for Windows” is not working – the most common things to check:
- Is TLS 1.2 enabled on .NET? See the Okta article “Okta ends browser support for TLS 1.1”, section “Enable TLS 1.2 on .NET”, and make sure all registry keys are set!
- Is the user you are testing with already enrolled in MFA? Okta Credential Provider for Windows does not support enrolling in MFA.
- A wrong username is assigned in the Okta app, OR the Okta Credential Provider for Windows is sending a different username than the one configured in the Okta app. → Configure the username in the Okta app accordingly.
  - In a lot of cases you have to set it to “SAM account name”.
  - Ensure you click “Update Now” or unassign / reassign all users assigned to the application after changing the username format!
- Check the logs under C:\Program Files\Okta\Okta Windows Credential Provider\logs
Note: Be sure to install the Credential Provider with the “RDP Only” option – then you can still troubleshoot in a console session, for example.
RDP Only – By default, the installed credential provider inserts Okta MFA between both an RDP and a local authentication event. Checking this box will remove Okta MFA from local (interactive) logons.
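
For the TLS 1.2 check in the list above, the following added example (not taken from Okta's documentation or from the original notes) reports whether the .NET Framework strong-crypto values are set in both the 64-bit and 32-bit registry views. The value names `SchUseStrongCrypto` and `SystemDefaultTlsVersions` are assumed from Microsoft's .NET TLS guidance; the Okta article remains the reference for the exact keys the agent needs.

```powershell
# Added example: check the .NET Framework 4.x strong-crypto registry values.
# Assumption: the value names below come from Microsoft's .NET TLS guidance,
# not from this page; compare against the Okta article before relying on them.
$paths = @(
    'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'
)
$names = @('SchUseStrongCrypto', 'SystemDefaultTlsVersions')

$results = foreach ($path in $paths) {
    foreach ($name in $names) {
        $value = $null
        # The WOW6432Node view does not exist on 32-bit Windows, so test first.
        if (Test-Path -Path $path) {
            $item = Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue
            if ($null -ne $item) { $value = $item.$name }
        }
        [pscustomobject]@{
            Path  = $path
            Name  = $name
            Value = if ($null -eq $value) { '<not set>' } else { $value }
            OK    = ($value -eq 1)
        }
    }
}

# One row per path/value pair, so a missing 32-bit entry is easy to spot.
$results | Format-Table -AutoSize

$missing = @($results | Where-Object { -not $_.OK })
if ($missing.Count -gt 0) {
    Write-Warning "$($missing.Count) value(s) missing or not set to 1; .NET may not negotiate TLS 1.2."
} else {
    Write-Output 'All checked .NET strong-crypto values are set to 1.'
}
```

Run it in an elevated PowerShell session on the server where the credential provider is installed.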