ivan_531 Posted June 17 Share Posted June 17 (edited) Hi, I have a problem with WS One when enrolling new PCs. Problem is only during enrollment process, current users (that are already enrolled) can normally login in WS One Intelligent Hub with OKTA. So, we use OKTA as IDP and that part works fine and I'm able to login with OKTA and see message "Enrollment starts..." but only for few seconds. After that, it stops with Local login screen and message "Failed to validate user credentials." We have configured default Access policy (in Workspace One Access) which primary use "OKTA Auth method" and if OKTA fails, then it use failback which is Local login. The problem is that also local login doesn't work. Previously we used AD login, but now it is the same problem. So, none of authentication methods works from Access. So, I'm assuming that from some reason it doesn't validate OKTA login for enrollment, and then it switch to failback login. This is strange, because login in WS One Intelligent Hub for already enrolled users works fine with OKTA. If we bypass authentication, so the users authenticate directly on UEM (without Access) that works. On other hand, Access is fully connected with UEM, so I'm not sure where is the problem. Did anyone had same issue with WS One? Also, everything works just fine last week, no one didn't touch any configuration and now it doesn't working. Edited June 17 by ivan_531 Quote Link to comment Share on other sites More sharing options...
ivan_531 Posted June 17 Author Share Posted June 17 UPDATE: Here is log from Access for my test user: Quote Link to comment Share on other sites More sharing options...
Employee Sascha Warno Posted June 19 Employee Share Posted June 19 Some things to check. The users in UEM have the same externalId as the users in Access? Also if you check in Hub Services under system settings does it show your UEM environment without error? Quote Link to comment Share on other sites More sharing options...
Solution ivan_531 Posted June 24 Author Solution Share Posted June 24 Hi, I was able to fix this by selecting Device Type "Windows 10+" in Access policy. From some reason, it doesn't work with default "All types". 1 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.