This guide walks you through configuring Okta Desktop MFA for Windows login, including:
Okta Verify enrollment
Creating the Desktop MFA app in Okta
Retrieving Client ID and Client Secret
Deploying Okta Verify for Windows
Testing Windows lock screen MFA
This setup enables Windows users to authenticate with Okta MFA at the Windows lock screen.
Requirements
Before you begin:
ARM-based Windows devices are not supported
Windows devices must be joined to Active Directory or Microsoft Entra ID
Users must have an active Okta account
Okta Verify must be installed on a mobile device (iPhone, iPad, or Android) or Windows device. You can learn more at the Okta Verify app installation.
Step 1 – Enroll in Okta Verify
Sign in to your Okta account
When prompted, set up Okta Verify
Install Okta Verify on:
iPhone / iPad (App Store) or Android (Google Play) for Okta login 2FA
Windows for Desktop MFA function (Step 4)
Scan the QR code shown on screen or use the setup link
Enter the verification code from the Okta Verify app when prompted
Step 2 – Enable Interaction Code
In Okta Admin Console:
This is required for Desktop MFA authentication flows.
Step 3 – Add the Desktop MFA Application
In the Admin Console, go to Applications → Applications
Click Browse App Catalog
Search for Desktop MFA
Click Add Integration
Configure the Application
You can:
Retrieve Client Credentials
After adding the integration:
These are required for Windows deployment via MDM.
Step 4 – Download and install Okta Verify for Windows
You can learn more at the Okta Verify app installation for Windows.
Step 5 – Test Windows Lock Screen MFA
After installation:
Lock the Windows device
At the sign-in screen, choose the Okta sign-in option
Enter your Okta username (we used username as an example at Step 3: Configure the Application.
Approve the request in Okta Verify or enter a One-Time Password (OTP)
You should now be able to authenticate using Okta Desktop MFA.
What Happens After Setup?
Once configured:
Windows login will require Okta authentication
Users will receive:
Push notifications
One-time passcodes
MFA is enforced at the Windows lock screen
Troubleshooting
MFA option not appearing on lock screen
Confirm device is AD or Entra joined
Confirm Desktop MFA app is assigned to the user
Installation fails
Ensure ARM device is not used












