
Okta Credential Provider for Windows – Troubleshoot

Some notes on why the Okta Credential Provider for Windows is not working. The most common things to check:

  1. Is TLS 1.2 enabled for .NET? See the Okta article “Okta ends browser support for TLS 1.1”, section “Enable TLS 1.2 on .NET”, and make sure all registry keys are set!

  2. Is the user you are testing with already enrolled in MFA? The Okta Credential Provider for Windows does not support MFA enrollment.

  3. A wrong username is assigned in the Okta app, OR the Okta Credential Provider for Windows is sending a different username than the one configured in the Okta app. → Configure the username in the Okta app accordingly.
    In a lot of cases you have to set it to “SAM account name”.

    Ensure you click “Update Now” or unassign / reassign all users assigned to the application after changing the username format!

  4. Check the logs under C:\Program Files\Okta\Okta Windows Credential Provider\logs
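
A quick way to run checks 1 and 4 from an elevated PowerShell prompt on the affected server. This is an added example, not part of the original post or of Okta's tooling. It assumes the standard Microsoft .NET Framework 4.x strong-crypto values (`SchUseStrongCrypto`, `SystemDefaultTlsVersions`); compare them with the list in the Okta article from step 1.

```powershell
# Added example. Assumption: the value names below are the standard Microsoft
# .NET Framework 4.x TLS settings; the Okta article may list additional keys.
$netKeys = @(
    'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',             # 64-bit view
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'  # 32-bit view
)
$valueNames = @('SchUseStrongCrypto', 'SystemDefaultTlsVersions')

# Step 1: report every key/value pair so a value missing in only one view is visible.
$results = foreach ($key in $netKeys) {
    foreach ($name in $valueNames) {
        $actual = $null
        if (Test-Path -Path $key) {
            $props = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
            if ($props) { $actual = $props.$name }
        }
        [pscustomobject]@{
            Key    = $key
            Value  = $name
            Actual = if ($null -eq $actual) { '<not set>' } else { $actual }
            OK     = ($actual -eq 1)
        }
    }
}
$results | Format-Table -AutoSize -Wrap

if ($results.OK -contains $false) {
    Write-Warning 'At least one .NET strong-crypto value is missing or not set to 1.'
}

# Step 4: show the tail of the most recently written Credential Provider log.
$logDir = 'C:\Program Files\Okta\Okta Windows Credential Provider\logs'
if (Test-Path -Path $logDir) {
    $latest = Get-ChildItem -Path $logDir -File |
        Sort-Object -Property LastWriteTime -Descending |
        Select-Object -First 1
    if ($latest) {
        "Newest log: $($latest.FullName)"
        Get-Content -Path $latest.FullName -Tail 40
    } else {
        Write-Warning "No log files found in $logDir"
    }
} else {
    Write-Warning "Log directory not found: $logDir"
}
```

Run it right after a failed logon attempt so the log tail covers that attempt.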

 

Note: Be sure to install the Credential Provider with the “RDP Only” option. You can then still troubleshoot in a console session, for example.

RDP Only – By default, the installed credential provider inserts Okta MFA between both an RDP and a local authentication event. Checking this box will remove Okta MFA from local (interactive) logons.
