If you experience login issues on your Android device with Okta FastPass (phishing-resistant MFA) on your local WiFi, for example no login possible in specific apps, or the login flow just starting over and over again – this post is for you!
There are some troubleshooting steps you should take before you do what I suggest further down in this blog post.
Android System Settings
- ensure Okta Verify is allowed to run in the background AT ALL TIMES
- ensure Okta Verify has NO battery saving measures activated (battery saving turned OFF)
- ensure that Okta Verify is allowed to send notifications; you should see “Sign in faster with Okta Verify” in the notifications AT ALL TIMES (you can mute this – but be careful not to mute too much – test it first)
On every Android device these settings are a bit different – so I won’t go into details on how to change these – I trust you to figure this out.
Once this is done, the next big thing is the network. There are some network settings that can disturb how Okta Verify FastPass works.
How does it work?
Please read the following blog post.
https://www.okta.com/blog/2023/12/phishing-resistance-in-unmanaged-ios-devices/
It’s for iOS, but some things stand out: you can see in the sequence diagrams that a loopback server is used on the device.
Continued troubleshooting – make it work on Mobile Data
- Switch to Mobile Data. Does it work now?
- Stay on Mobile Data. Use a Private DNS, like Cloudflare. Read here on how to configure. Does it work now?
It works on Mobile Data but not on your WiFi? Great, you remember the loopback server?
Make it work in your WiFi
You can figure out the domain which is used quite easily by logging the DNS requests on your router, it’s
On the AVM Fritz!Box, a very well-known German router, you can simply allow DNS rebinding for individual domains. That’s where the setting is:
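The DNS-logging step above, as an added example (not from the original post, Okta or AVM): it lists the names a phone asked for that a rebind filter flagged, or that resolve into loopback or private ranges. It assumes dnsmasq-style log lines, which is not necessarily what your router produces; the log, the client IP and the `*.example.test` names are constructed placeholders, not the real domain.

```python
import ipaddress
import re

# Ranges a rebind filter typically refuses in upstream answers (assumption:
# loopback, RFC 1918, link-local and their IPv6 counterparts).
FILTERED = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

QUERY = re.compile(r"query\[(?:A|AAAA)\] (\S+) from (\S+)")
REPLY = re.compile(r"reply (\S+) is (\S+)")
REBIND = re.compile(r"possible DNS-rebind attack detected: (\S+)")

# Constructed log lines; the *.example.test names are placeholders, not the
# domain Okta Verify actually uses.
SAMPLE_LOG = """\
dnsmasq[412]: query[A] login.example.test from 192.168.178.23
dnsmasq[412]: reply login.example.test is 203.0.113.10
dnsmasq[412]: query[A] loopback.example.test from 192.168.178.23
dnsmasq[412]: possible DNS-rebind attack detected: loopback.example.test
dnsmasq[412]: query[A] dev.example.test from 192.168.178.40
dnsmasq[412]: reply dev.example.test is 127.0.0.1
"""

def rebind_filtered(value):
    """True if a DNS answer points into a range a rebind filter rejects."""
    try:
        ip = ipaddress.ip_address(value)
    except ValueError:  # reply lines can carry NXDOMAIN or <CNAME> instead
        return False
    return any(ip.version == net.version and ip in net for net in FILTERED)

def rebind_candidates(log, client):
    """Names the client queried that were flagged or resolve to a filtered range."""
    asked, hit = set(), set()
    for line in log.splitlines():
        if m := QUERY.search(line):
            if m.group(2) == client:
                asked.add(m.group(1))
        elif m := REBIND.search(line):
            hit.add(m.group(1))
        elif (m := REPLY.search(line)) and rebind_filtered(m.group(2)):
            hit.add(m.group(1))
    return sorted(asked & hit)

if __name__ == "__main__":
    # The phone's IP on the WiFi (constructed value).
    print(rebind_candidates(SAMPLE_LOG, "192.168.178.23"))
```

Names it returns are the candidates for the router's rebind exception list; allow only the one you can attribute to Okta Verify.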