Issue
When an embedded browser is used to complete Okta biometric SSO authentication on Windows, authentication fails.
Environment
This issue can occur under the following conditions:
- Okta is the IdP for SSO.
- The authenticating user is using Okta FastPass biometric authentication.
- Always-on is configured for the user.
- The user is configured for embedded browser.
Solution
In the above setup, the combination of always-on and embedded browser prevents the traffic generated by the Okta FastPass biometric authentication process from egressing the host NIC. The resolution steps for this case study aim to allow that traffic to egress without compromising the behaviour of always-on.
Configure the clients to use an external browser.
or
Configure a low confidence policy to allow internet access for the impacted users.
or
Add a registry entry ForceAuthTrafficToTunnel under HKEY_LOCAL_MACHINE\SOFTWARE\CatoNetworksVPN, with a value of 1 (DWORD).
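One way to apply the registry option from a script, as an added example that is not the vendor's own tooling. It assumes an elevated PowerShell session and opens the 64-bit registry view explicitly, so that a 32-bit deployment agent writes to the path given above rather than to SOFTWARE\WOW6432Node. The key and value names are the ones from this article.

```powershell
#Requires -RunAsAdministrator
# Added example: set ForceAuthTrafficToTunnel = 1 (DWORD) idempotently and
# report what changed, so the result can be captured in deployment logs.

$SubKey = 'SOFTWARE\CatoNetworksVPN'   # key path from the article, under HKLM
$Name   = 'ForceAuthTrafficToTunnel'   # value name from the article
$Wanted = 1                            # value data from the article (DWORD)

# Assumption: the literal HKLM\SOFTWARE path is intended, so request the
# 64-bit view. A 32-bit process would otherwise be redirected to WOW6432Node.
$hklm = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
    [Microsoft.Win32.RegistryHive]::LocalMachine,
    [Microsoft.Win32.RegistryView]::Registry64)
try {
    # CreateSubKey opens the key writable if it exists, or creates it.
    $key = $hklm.CreateSubKey($SubKey)
    try {
        $current = $key.GetValue($Name, $null)
        $kind    = if ($null -ne $current) { $key.GetValueKind($Name) } else { $null }
        $isDword = $kind -eq [Microsoft.Win32.RegistryValueKind]::DWord

        if ($isDword -and $current -eq $Wanted) {
            Write-Output "$Name is already $Wanted (DWORD); no change made."
        }
        else {
            # Covers three cases: value missing, wrong data, or wrong type
            # (for example a REG_SZ "1" created by hand).
            $key.SetValue($Name, $Wanted, [Microsoft.Win32.RegistryValueKind]::DWord)
            Write-Output "$Name set to $Wanted (DWORD); previous data '$current', previous type '$kind'."
        }

        # Read back and fail loudly if the write did not take effect.
        $readBack = $key.GetValue($Name, $null)
        $readKind = $key.GetValueKind($Name)
        if ($readBack -ne $Wanted -or $readKind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
            throw "Verification failed: $Name is '$readBack' ($readKind)."
        }
    }
    finally { $key.Dispose() }
}
finally { $hklm.Dispose() }
```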