Enroll in Okta Passwordless
For more information about what Okta Passwordless is and why it’s being implemented at Netflix, refer to our Learn About Okta Passwordless article.
What is Okta Passwordless Technology?
[VIDEO]
Video Transcription
What's up, Netflixers?! Let's talk about passwords and how they're not as secure as we once thought.
Thirty-two percent of internet users reuse the same password across five to 10 websites and apps. Other surveys have found even higher rates of reuse, with 53% of people using the same password across multiple accounts. And did you know that passwords are hacked every 39 seconds? That's right: Every 39 seconds! And let's be honest, how many of us reuse the same password across various sites? We know who you are.
Just kidding! We don't, but someone out there does and will take advantage of that. But no need to worry. Our security engineering partners have a solution to combat this issue. We're moving away from passwords and MFA push notifications to new types of authenticators that are resistant to phishing and spam attacks. Instead of having to enter a password and take out your phone to approve a notification, you can now sign in with just a tap of your fingerprint, glance of your face, or a PIN! With this new change, bad actors won't be able to trick you into giving away your credentials, compromising your account and risking Netflix's corporate resources.
So what are you waiting for? Enroll now at go/oktaenroll and see go/passwordless to help you through the onboarding experience.
Using the Migration Assistant to Enroll Into Okta Passwordless.
[VIDEO]
Video Transcription
Welcome to the Okta Migration Assistant, where you will act on your enrollment. We advise that you set aside a dedicated 45 minutes of uninterrupted time to focus on the enrollment process. This will allow you to understand the steps you're taking to enroll.
Now, let's go through the user interface. This page will contain an enrollment status in the left menu pane which will let you know where in the workflow you are. At the top of the screen are resources available for step-by-step guidance under Troubleshooting or a link to our support channel #ntech-help, where you can get live assistance.
Under What to Expect, you can find information on how the authentication process will look after enrolling into Okta passwordless. Under Track Your Progress is where the link to the enrollment page will be provided in the event you do have to step away. Again, it's recommended to perform this during the dedicated time set aside to ensure a smooth enrollment.
go.netflix.com/okta is the shortened URL for wic.prod.netflix.net, where you will ultimately be able to administer your own passkeys after enrollment has been completed.
Under Enrollment Requirements is information about what is needed for a successful enrollment. If you're working from a desktop computer, you will need a security key to enroll. You can place an order at go.netflix.com/yubikeyrequest. It is also advised that you have your laptop open so you can access the biometric fingerprint reader on the built-in keyboard.
In the lower left corner is a button that will allow you to schedule time to complete the Okta passwordless enrollment process. To continue, select I have 30 minutes of uninterrupted time, let's start. You'll be met with a questionnaire to let the service know what systems you'll be working from and enrolling with. If you're unsure about a device, select the option that contains I'm not sure. Based on your answers, you'll receive a summary of what passkeys will be enrolled and on which device. Continue to the instructions.
On the following screen in bold text, you're instructed to set up your first type of passkey. If at any point you need to start over, use the Restart button at the top of the screen. The screenshots below let you know what's to be expected when you proceed to enroll the passkey. Scroll down and select Open Okta to start. Select Set Up twice to proceed, and when you're met with the Create Passkey modal, select Continue to use your biometric fingerprint reader to save the passkey.
We'll now continue to enroll your mobile device. Select Continue, and you'll be met with a similar screen as earlier. Scroll down and select Open Okta to enroll your mobile device this time. Authenticate with the new passkey by using your fingerprint to proceed. Select Set Up twice on the following modal screens. This time, you'll be presented with a QR code, which should be scanned by your iPhone's camera or a QR code scanner on Android installed in the work profile (if you have one). Once added, select Continue to move on to Okta Verify.
What is Okta Verify? Okta Verify is an identity tool that uses Okta FastPass technology to allow you to authenticate with a passkey. Some services, like Ivanti VPN, don't support WebAuthn or passwordless technology, so the use of Okta Verify transfers your local passkey to the Ivanti service by way of Okta FastPass.
Select “this link” to open the workflow and select Open Okta Verify. A new window will open. Select Add Account to start and authenticate with the requested biometric passkey. On the following screen, select Enable to turn on the fingerprint reader for Okta Verify.
You can now manage additional or current passkeys on your own by visiting go.netflix.com/okta and following the instructions listed here or at go/passwordless. Congratulations! You're now successfully enrolled into Okta passwordless.
If you experience any issues, review the content in Troubleshoot Common Okta Passwordless Issues.
Requirements for Successful Enrollment
Netflix Animation: NAS Sydney and NAS Vancouver
- Verify your phone and computer’s operating systems are up to date with the latest version.
  - Windows 10/11
  - macOS Sonoma
  - iOS 17+
  - Android 14
- Ensure Google Chrome is up to date.
- In Google Chrome, visit chrome://extensions and disable any AdBlockers.
- iCloud users only:
  - iCloud Keychain is enabled and sync is turned on for macOS and iOS devices.
- Ensure these Mac and iPhone settings are on:
  - On your Mac, select System Settings, then Apple ID, Sign-in & Security, and Two-factor Authentication. Is this set to On?
  - On your Mac, select System Settings, then Apple ID, Sign-in & Security, and iCloud. Is Passwords & Keychain set to On?
  - In the same setting, if you click into it, is Sync this Mac set to On?
  - On your mobile device, confirm that the same settings match these.
Netflix Animation: NSa and NAS Burbank
- Check your device is enrolled in Endpoint Management.
- Verify your phone and computer’s operating systems are up to date with the latest version.
  - Windows 11
  - macOS Sonoma
  - iOS 17+
  - Android 14
- Ensure Google Chrome is up to date.
- In Google Chrome, visit chrome://extensions and disable any AdBlockers.
- iCloud users only:
  - iCloud Keychain is enabled and sync is turned on for macOS and iOS devices.
- Ensure these Mac and iPhone settings are on:
  - On your Mac, select System Settings, then Apple ID, Sign-in & Security, and Two-factor Authentication. Is this set to On?
  - On your Mac, select System Settings, then Apple ID, Sign-in & Security, and iCloud. Is Passwords & Keychain set to On?
  - In the same setting, if you click into it, is Sync this Mac set to On?
  - On your mobile device, confirm that the same settings match these.
Netflix Corporate: @netflix.com, @netflixcontractors.com, @netflixvfx.com
- Check your device is enrolled in Endpoint Management.
- Verify your phone and computer’s operating systems are up to date with the latest version.
  - Windows 11
  - macOS Sonoma
  - iOS 17+
  - Android 14
- Ensure Google Chrome is up to date.
- In Google Chrome, visit chrome://extensions and disable any AdBlockers.
- iCloud users only:
  - iCloud Keychain is enabled and sync is turned on for macOS and iOS devices.
- Ensure these Mac and iPhone settings are on:
  - On your Mac, select System Settings, then Apple ID, Sign-in & Security, and Two-factor Authentication. Is this set to On?
  - On your Mac, select System Settings, then Apple ID, Sign-in & Security, and iCloud. Is Passwords & Keychain set to On?
  - In the same setting, if you click into it, is Sync this Mac set to On?
  - On your mobile device, confirm that the same settings match these.
Hardware Requirements for Okta
Most users will have authenticators, like Windows Hello or macOS TouchID, ready and available on their devices. However, there are a number of corner cases described here—along with some recommendations.
Ensure all of your device’s operating systems are up-to-date with the latest version before enrolling.
Bluetooth
A Bluetooth-enabled device is not required for enrollment, but users whose devices lack Bluetooth will need to either use a YubiKey or add a Bluetooth module to their device.
For any Bluetooth-enabled device, Bluetooth for Chrome must be enabled.
macOS
The macOS Ivanti VPN proxy client is not able to use passkeys and requires Okta Verify. Okta Verify on macOS authenticates with either Touch ID or the macOS system password—the same password the user uses to unlock their MacBook when not using Touch ID. Users who prefer the biometric option but cannot use the built-in Touch ID sensor, due to a closed lid or being on a desktop, have the option to purchase and expense an Apple Magic Keyboard with Touch ID or set up Okta Verify to use the local machine password by following the Closed laptops with external monitors section.
Windows
Users need to be able to verify their identity with Windows Hello. This requires a PC with facial recognition, fingerprint, or PIN verification options.
Desktop users or users who need an option when their laptop is docked and have chosen to use biometrics can purchase and expense any fingerprint reader that supports Windows Hello, such as this one.
Chromebook
Users will set up a password that is used as a desktop passkey. A desktop passkey is still a safer option than a local computer password.
Refer to Okta Passwordless: Connect to Ivanti VPN on Your Chromebook after enrolling to learn how to connect to VPN.
Linux
On Linux, the only supported passwordless authenticator is a YubiKey. A YubiKey Bio is the only supported way to perform passwordless login in the VPN client on Linux, so if you choose to use Linux and you must access the VPN, you will need to acquire and set up a YubiKey Bio before enrollment. Note that during the YubiKey Bio enrollment, you will first be asked to set up a PIN for the security key. You will also be given the option to set up a fingerprint, but you are not required to do so.
YubiKeys
Regardless of the brand, the security key must be a version that supports FIDO2, not U2F or the previous FIDO protocol. YubiKey Series 5, the Security Key series, which includes the nano, and the YubiKey Bio series support this. A PIN will be required to set up any security key as a failsafe in the event the biometric fails. This PIN will be used in the event the security key needs to be reset.
Store this PIN somewhere secure and note that it is different from the Windows Hello PIN.
Check a YubiKey’s version by visiting https://yubico.com/genuine.
Request a YubiKey from the YubiKey Order Form.
iOS and Android
All supported iOS and Android devices work with Okta Passwordless without any additional hardware.
Follow the enrollment workflow
- Visit https://ssoenroll.prod.netflix.net/.
- Set aside 10–30 minutes to complete the enrollment process or use the Schedule time complete option to put time in your calendar.
- Select I have 10-30 minutes of uninterrupted time, let’s start.
- Answer the questions about the devices you’ll be enrolling into Okta Passwordless.
- You can adjust your answers later if needed.
- Check the summary of information and recommendations for setup.
- Select Continue to instructions.
- Read through the steps for setting up your first passkey.
- Select Open Okta. A new window will open.
- Move this window to the side to view the instructions on the setup window as needed.
- Follow the steps to set up your first passkey.
- A window will appear instructing you to Create a passkey for wic.prod.netflix.net.
- Select Continue.
- If you choose to use your biometric reader, you can use it to set up the first passkey. If your laptop is closed, you'll be prompted to enter a manual passkey.
- The first passkey is now saved. Select Continue.
- The next page will instruct you on setting up the second passkey.
- Select Open Okta.
- Sign in with the newly created passkey from step 10.
- Follow the steps to set up a second passkey.
- If you’re using an Android mobile device, all actions should be taken on your Work profile, not your personal profile. Using your personal profile will result in errors.
- If the Android device does not have a camera in the Work profile (Work profile apps are denoted by a briefcase icon), one must be installed from the Work profile Google Play Store to successfully set up a passkey in the correct profile.
- Verify the biometric unlock is configured by opening the Okta Verify application and selecting the Device Health icon, which appears as a shield with a tick in it, or access your device’s Settings and verify Face & fingerprint unlock is active in your Work profile.
- A window will appear instructing you to Create a passkey.
- Select the option Use a phone, tablet, or security key and read the instructions carefully; there are steps to either scan a QR code or create a passkey on a USB security key.
- Select Continue.
- Follow the steps to set up Okta Verify, which allows you to connect to the Ivanti VPN client.
- On the following step under Set up Okta Verify on your devices, choose your operating system. It's recommended that you read through the instructions to familiarize yourself with how Okta FastPass works with Okta Verify.
- Once completed, select this link to launch the Okta Verify application.
- Select Add Account.
- Proceed with your biometric passkey.
- On the Enable Touch ID or password confirmation screen, select Enable.
- Re-open the Okta Verify application and select your name.
- Select Add Account to a New Device.
- Authenticate with your biometric or manually entered passkey.
- Download the Okta Verify application on your mobile device and select +.
- Select Organization.
- Select Add Account from Another Device.
- Select Continue to allow Bluetooth.
- Select Scan QR Code.
- Allow the application access to your camera by selecting Allow.
- Scan the QR code from the Okta Verify application on your laptop.
- In the Enter Your PIN from Another Device, enter the PIN from the mobile device.
- You can Allow notifications or Skip on the following screen.
- Allow Face ID.
- In the Okta Enrollment screen on your laptop, select Finish Enrollment.
- You’re successfully enrolled!
To add, remove, or manage passkeys, review the Managing Passkeys For Other Devices dropdown.
Set up Okta Verify on your computer
macOS
Okta FastPass is used to authenticate to Okta Verify. Okta Verify connects to VPN and other services. Okta Verify on a computer is intended only for Windows and macOS.
Note: Okta Verify may already be installed and in your computer's Applications folder; if it is installed, please continue with Step 1.
If Okta Verify is not installed, your computer may need to be enrolled in Endpoint Management; visit Self-Enroll in Endpoint Management to do so. Once completed, come back to this article to complete setting up Okta Verify.
For users without an extended monitor, Okta Verify can be found to the right of the camera notch, an area commonly referred to as the menu bar. If you can't find the app, configure the scale of Okta Verify.
Users with extended screens should be able to find the app in the menu bar.
- Locate Okta Verify in the menu bar at the top of your screen.
- Select Open Okta Verify.
- A Welcome to Okta Verify pop-up will appear. Select Get Started.
- On the How it works screen, select Next.
- Under New Account, a sign-in URL should be pre-filled with https://wic.prod.netflix.net.
- If not, copy https://wic.prod.netflix.net and paste it into the text box.
- Select Next.
- A new pop-up window will appear to complete sign-in using a pre-registered passkey.
- Once you sign in, the Okta Verify desktop application will confirm that you want to use Touch ID and then complete registration. Select Enable.
Windows
Please note: Okta Verify may already be installed and in your computer's Programs folder; if it is installed, please continue with Step 1.
If Okta Verify is not installed, your computer may need to be enrolled in Endpoint Management; please visit Self-Enroll in Endpoint Management to do so. Once completed, come back to this article to complete setting up Okta Verify.
- To set up Okta FastPass on your primary device, search for the Okta Verify app on your system.
- A Welcome to Okta Verify pop-up will appear. Select Get Started.
- On the How it works screen, select Next.
- Under New Account, a sign-in URL should be pre-filled with https://wic.prod.netflix.net.
- If not, copy https://wic.prod.netflix.net and paste it into the text box. Select Next.
- Complete the sign-in using a previously registered passkey.
- Enter your Windows Hello passkey of choice.
- Once you sign in, the Okta Verify desktop application will confirm that you want to use Windows Hello and then complete registration. Select Enable.
Closed laptops with external monitors
This is highly beneficial if you’re working with a closed laptop and need another method to authenticate to VPN.
- Open the Okta Verify app.
- Select Add account from another device.
- A window will appear asking for an 8-digit code from the other device.
- Open the Okta Verify app on your mobile device.
- Click into the current passkey to view more details.
- Select Add account to another device.
- A QR code will appear with an 8-digit code.
- Enter the code into the window on your laptop.
- You’ll receive a 6-digit code, which will need to be verified within the mobile app.
- Enter the 6-digit code.
- Select Got it on the mobile app.
- On the laptop, select Enable to allow the use of your laptop password to authenticate into Okta FastPass.
- When signing into Okta Verify with your laptop closed, you’ll now be able to enter your computer password.
Set up Okta Verify on your mobile device
On your phone, and any other Windows, Android, or Apple devices you use to access Netflix resources:
- Download Okta Verify from the Apple Store or Google Play Store and install it on your device.
- On Android, make sure to install it on the Work Profile. If you scan the QR code with an app not in your work profile, the passkey will be associated with the wrong Google account.
- On your device that has Okta Verify already set up, such as your laptop, open Okta Verify and select Your Account, then select Add Account to New Device.
- Authenticate when prompted.
- A QR Code will be generated.
- Open the Okta Verify app on your mobile device and select Add Account, then follow the instructions.
- If prompted to Choose Account Type, select Organization.
- When asked Add Account from Another Device?, select Add Account from Another Device.
- Select Scan QR Code and scan the QR code generated from your other device.
- Follow the prompts to complete your account setup.
- Repeat these steps on any other secondary devices to register Okta FastPass in the Okta Verify app.
Manually Set Up Okta Verify on Mobile Device
If you are unable to follow the steps to set up Okta Verify from another device, use these steps:
This method requires a passkey to be set up on the mobile device first. Reference How To Manage Okta Passkeys to add one if needed.
On your phone, and any other Windows, Android, or Apple devices you use to access Netflix resources:
- Download Okta Verify from the Apple Store or Google Play Store and install it on your device.
- On Android, make sure to install it on the Work Profile.
- From Add Account from Another Device?, select Skip, then No, Sign In Instead.
- Enter the sign-in URL wic.prod.netflix.net and select Next.
- Enter your email address and sign in using the mobile passkey created in the earlier steps.
- Follow the prompts to complete your account setup.
- Repeat these steps on any other secondary devices to register Okta FastPass in the Okta Verify app.
Manage passkeys for other devices
Set up additional passkeys on your other Netflix-issued devices, including mobile phones and secondary desktops, that access Netflix resources. You can view and manage all of your passkeys at https://wic.prod.netflix.net/. Sign in, select your Name, then Settings. The passkeys are in the section labeled Security Methods and are split up into two sections:
- Okta Verify: These are the Okta Verify apps set up on your devices. This is commonly referred to as Okta FastPass.
- Security Key or Biometric Authenticator: These are identified by:
  - MacBook Touch ID
  - Windows Hello Hardware Authenticator
  - Authenticator (such as a YubiKey)
  - Security Key or Biometric, which includes iCloud, Google Password Manager, Chrome Profile, Chromebook, and cellphones
Tip: Give your passkeys a nickname so they're easily identifiable. We recommend creating a passkey for all of your Netflix-issued devices, including mobile phones and secondary desktops, that access Netflix resources. We also recommend storing passkeys in the various tools (Google Password Manager, Chrome Profile) and services (iCloud) that are available so that when one method fails, you can use another to log in.
Add a new passkey for your device
- On your computer, navigate to go.netflix.com/newpasskey.
- Verify using an existing security key or biometric authenticator.
- Select Set up, then Set up again.
- A pop-up will ask you to choose how you want to create a passkey. Select the relevant option for your new device.
- Follow the prompts to set this up.
- Once you’ve completed the setup and returned to the Security Methods list, give your newly added authenticator a nickname so it’s easily identifiable.
- The new authenticator is the most recently enrolled option on the list.
YubiKey
Regardless of the platform, the YubiKey must be a version that supports FIDO2, not U2F or the previous FIDO protocol. Series 5, the Security Key series including nano, and the YubiKey Bio series, support this.
Check a YubiKey’s version by visiting https://yubico.com/genuine.
Request a YubiKey from the YubiKey Order Form.
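The FIDO2 requirement stated here and under Hardware Requirements can also be checked programmatically. The following is an added example (not part of the original article, and not Netflix, Okta or Yubico code) that parses a CTAP2 authenticatorGetInfo reply and reports whether a key advertises FIDO2 and has a PIN set. The sample replies are constructed, and it assumes the transport layer returns the status byte followed by the CBOR map.

```python
# Added example, not Netflix, Okta or Yubico code. Assumption: the transport
# layer returns the CTAP2 status byte followed by the CBOR getInfo map.

def _need(buf, i, n):
    if i + n > len(buf):
        raise ValueError("truncated CBOR")

def _decode(buf, i=0):
    """Decode one CBOR item at offset i; return (value, next_offset)."""
    _need(buf, i, 1)
    major, info = buf[i] >> 5, buf[i] & 0x1F
    i += 1
    if major == 7:                        # simple values: only booleans occur here
        if info in (20, 21):
            return info == 21, i
        raise ValueError("unsupported simple value")
    if info < 24:
        n = info
    elif info <= 27:                      # argument in the next 1, 2, 4 or 8 bytes
        size = 1 << (info - 24)
        _need(buf, i, size)
        n = int.from_bytes(buf[i:i + size], "big")
        i += size
    else:
        raise ValueError("reserved or indefinite length")
    if major == 0:                        # unsigned integer
        return n, i
    if major in (2, 3):                   # byte string / text string
        _need(buf, i, n)
        raw = bytes(buf[i:i + n])
        return (raw if major == 2 else raw.decode("utf-8")), i + n
    if major == 4:                        # array
        items = []
        for _ in range(n):
            item, i = _decode(buf, i)
            items.append(item)
        return items, i
    if major == 5:                        # map
        out = {}
        for _ in range(n):
            key, i = _decode(buf, i)
            value, i = _decode(buf, i)
            out[key] = value
        return out, i
    raise ValueError("unsupported CBOR major type")

def assess_key(reply):
    """Summarise a getInfo reply against the FIDO2 + PIN requirement."""
    report = {"fido2": False, "versions": [], "pin_set": False,
              "fingerprint_enrolled": False, "ready": False}
    if not reply or reply[0] != 0x00:
        # U2F-only keys have no authenticatorGetInfo command, so the request fails.
        report["action"] = "key does not answer CTAP2: request a FIDO2 key"
        return report
    info, _ = _decode(reply, 1)
    if not isinstance(info, dict):
        raise ValueError("getInfo reply is not a CBOR map")
    options = info.get(0x04) or {}                    # member 0x04: option flags
    report["versions"] = info.get(0x01) or []         # member 0x01: protocol versions
    report["fido2"] = any(isinstance(v, str) and v.startswith("FIDO_2_")
                          for v in report["versions"])
    # clientPin: True = PIN set, False = supported but not set, absent = no PIN support
    report["pin_set"] = options.get("clientPin") is True
    # uv: True = built-in user verification (e.g. a fingerprint) is enrolled
    report["fingerprint_enrolled"] = options.get("uv") is True
    if not report["fido2"]:
        report["action"] = "no FIDO2 version advertised: request a FIDO2 key"
    elif not report["pin_set"]:
        report["action"] = "set a PIN before enrolling the key as a passkey"
    else:
        report["ready"] = True
        report["action"] = "ready to enroll"
    return report

# Constructed sample replies (not captured from real devices).
SAMPLE_PIN_SET = (
    b"\x00"                                   # status: success
    b"\xa3"                                   # map with 3 members
    b"\x01\x82" b"\x66" b"U2F_V2" b"\x68" b"FIDO_2_0"
    b"\x03\x50" + bytes(16) +                 # all-zero placeholder AAGUID
    b"\x04\xa2" b"\x62" b"rk" b"\xf5" b"\x69" b"clientPin" b"\xf5"
)
SAMPLE_BIO_NO_PIN = (
    b"\x00"
    b"\xa2"                                   # map with 2 members
    b"\x01\x82" b"\x68" b"FIDO_2_0" b"\x68" b"FIDO_2_1"
    b"\x04\xa3" b"\x62" b"rk" b"\xf5" b"\x62" b"uv" b"\xf4"
    b"\x69" b"clientPin" b"\xf4"
)
SAMPLE_U2F_ONLY = b"\x01"                     # error status: command not supported

if __name__ == "__main__":
    for name in ("SAMPLE_PIN_SET", "SAMPLE_BIO_NO_PIN", "SAMPLE_U2F_ONLY"):
        print(name, assess_key(globals()[name]))
```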
Set a PIN for the YubiKey
The PIN for your YubiKey can be short and numeric (like your phone’s lock-screen PIN) or long (up to 64 characters) and complex, including letters and special characters. The most important thing is that the PIN is something you’ll remember!
- Navigate to Settings in Chrome.
- Select Privacy and security.
- Select Security.
- Select Manage security keys.
- Select Create a PIN.
- Follow the prompts to create a PIN for your YubiKey.
Add your YubiKey as a passkey
- On your computer, navigate to go.netflix.com/newpasskey.
- Authenticate using Okta Verify.
- Select Set up, then Set up again.
- On a macOS device that is signed in to iCloud, macOS automatically shows a Sign In prompt to store the passkey in iCloud Keychain. Select Cancel to get more options for where to store the passkey.
- At Choose where to save your passkey for wic.prod.netflix.net, select Use a different phone, tablet or security key to store the passkey on the YubiKey.
- Enter the YubiKey PIN when prompted and select Next.
- Tap the YubiKey when prompted.
- Select Allow to let the site access your security key.
- When the Security Methods list is returned, give the newly added authenticator a nickname so it’s easily identifiable.
- The new authenticator is the most recently enrolled option on the list.
Remove Passkeys
- Navigate to https://wic.prod.netflix.net/.
- Select your Name, then Settings.
- Under Security Methods, identify the device you'd like to remove from Okta Passwordless.
- Select Remove.
Review Connect to Ivanti VPN on your Chromebook if required.
For Remote or Virtual Machines support refer to Sign Into Okta Passwordless on Remote and Virtual Machines.
If you have any feedback regarding the Passwordless initiative, share your thoughts with us at go.netflix.com/passwordless-feedback.
| End User & Agent facing Article |
Troubleshoot Common Okta Passwordless Issues
To start enrollment in Okta Passwordless, visit go.netflix.com/oktaenroll.
To add new passkeys, refer to the Add a new passkey to your device article.
Follow these troubleshooting steps to resolve some common issues.
Failed to Scan QR Code in Okta Verify
When enrolling with an Android device, QR codes are best scanned with the Pixel Camera, Google Camera, or QR Scanner. The application must be installed within the work profile if you have multiple profiles.
For iOS devices, use the native camera application to scan any QR code. For Android devices, the Pixel Camera, Google Camera, or QR Scanner from the work profile is required to scan QR codes.
The following errors are caused by using the Okta Verify application to enroll a new authentication method:
- Android: Unrecognized QR code
- iOS: Failed to scan QR code
Choose where to save this passkey versus create a passkey prompt
Windows users starting enrollment will notice the sample cards stating Create Passkey. During the actual enrollment, the Windows modal window will instead state Choose where to save this passkey. The verbiage is different, but the actions are the same. Users can proceed to save the iPhone, iPad, or Android passkey or Security Key when prompted.
Okta Verify app is not launching
- Open the Activity Monitor application to confirm that Okta Verify is running.
- If it's not open, open the application from the Applications folder or Spotlight Search.
- Check for the Okta Verify icon in your menu bar.
- Select the icon and select Open.
For users without an extended monitor, Okta Verify can generally be found to the right of the camera notch, an area commonly referred to as the menu bar.
If you can't find the app, close out some other applications that are present in the menu bar or configure the scale of Okta Verify to always show in the menu bar. Users with extended screens should be able to find the app in the menu bar going forward.
Okta Verify: Error: Connection Issue when adding mobile device
Set up Okta Verify on the mobile device separately.
- Open Okta Verify on your mobile device.
- Select Add account.
- Select Organization.
- Select Skip.
- Select No, sign in instead.
- Enter the URL: wic.prod.netflix.net
- Follow prompts to sign in and authenticate with your passkey.
- If this is an Android device, it may show "no passkey available," which means you need to switch profiles.
Okta Verify: Localhost Error
Users (especially engineers) may see a localhost error similar to localhost sent an invalid response or localhost took too long to respond. This is caused by the browser caching the HSTS setting for the localhost domain. Follow the steps below to clear the cache.
1. Visit chrome://net-internals/#hsts in your Chrome browser.
2. Under Delete domain security policies, enter localhost and press Delete.
3. Connect to Okta Verify.
Okta Verify on macOS: Touch ID or password settings out of sync
On macOS, you may see an error in Okta Verify that states Touch ID or password settings out of sync with Okta Verify; this could mean that a new fingerprint for Touch ID was registered on your computer and has not synced with Okta Verify. If so, please follow these steps to resolve:
If you are using iCloud:
- Confirm the Passwords and Keychain setting is turned on:
- From your Apple device, open System Settings, select your name, then choose iCloud.
- Verify Passwords and Keychain is set to On.
- Restart your mobile device.
If enrolled in Okta Verify:
- Remove your Netflix Account from Okta Verify on all devices.
If you see the error noted earlier:
- Select Update.
- Okta Verify will state to check your browser and open a new tab or window prompting you to authenticate with your fingerprint; please proceed to authenticate.
- When successfully authenticated, Okta Verify will state Touch ID confirmation enabled and the error message will no longer appear.
The authentication prompt is looping
Check and disable your adblocker, if it’s enabled.
Use this guide to turn off Chrome's ad blocker.
This site can’t provide a secure connection
- Copy and paste chrome://net-internals/#hsts into your browser.
- Under Delete domain security policies, enter localhost and select Delete.
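For engineers whose local development server is the source of the cached policy, here is an added example (not from the original article, and not Okta or Netflix code) of WSGI middleware that drops Strict-Transport-Security on loopback hosts; it applies to this error and to the Okta Verify: Localhost Error section above. HSTS policies are keyed by host name rather than port, so a policy cached from one local HTTPS server applies to every localhost port; the demo app and host names below are constructed.

```python
# Added example, not Okta or Netflix code: keep a local development server from
# planting an HSTS policy for localhost in the browser.
import ipaddress

HSTS = "strict-transport-security"

def is_loopback_host(host_header):
    """True for localhost, *.localhost, 127.0.0.0/8 and ::1, with or without a port."""
    host = host_header.strip().lower()
    if host.startswith("["):                  # bracketed IPv6 literal, e.g. [::1]:8443
        end = host.find("]")
        host = host[1:end] if end != -1 else host[1:]
    elif host.count(":") == 1:                # name:port or IPv4:port
        host = host.rsplit(":", 1)[0]
    host = host.rstrip(".")
    if host == "localhost" or host.endswith(".localhost"):
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False

class NoHstsOnLoopback:
    """WSGI middleware: pass responses through, minus HSTS when the host is loopback."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        host = environ.get("HTTP_HOST") or environ.get("SERVER_NAME", "")
        if not is_loopback_host(host):
            return self.app(environ, start_response)

        def filtered(status, headers, exc_info=None):
            kept = [(k, v) for k, v in headers if k.lower() != HSTS]
            return start_response(status, kept, exc_info)

        return self.app(environ, filtered)

def demo_app(environ, start_response):
    """Constructed stand-in for a dev server that always sends HSTS."""
    start_response("200 OK", [
        ("Content-Type", "text/plain"),
        ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ])
    return [b"ok"]

def response_headers(host):
    """Run demo_app behind the middleware for one request; return its headers."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured.update(headers)

    environ = {"HTTP_HOST": host, "REQUEST_METHOD": "GET", "PATH_INFO": "/"}
    list(NoHstsOnLoopback(demo_app)(environ, start_response))
    return captured

if __name__ == "__main__":
    for h in ("localhost:8443", "[::1]:3000", "app.example.test"):
        print(h, sorted(response_headers(h)))
```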
Google Device Policy Sync Error: Tap to regain work access
Remove the Okta Verify mobile app that was installed from the Apple Store and install it from the Google Device Policy app.
- Open the Google Device Policy app on your mobile device.
- Select ≡
- Select Apps.
- Select Install for Okta Verify.
Linux: Authentication window hangs when adding a YubiKey
- Retry adding the YubiKey and wait a few minutes.
- Check your Bluetooth settings. Some configurations may delay the authentication process.
- Keep the mobile device close to the computer and if possible, remove the case.
- Reboot the mobile device.
- If using an external Bluetooth adapter, try another adapter if available.
Linux: Enrolled YubiKey no longer registers
An enrolled YubiKey is met with the error:
This operation either timed out or was not allowed.
- Reset the YubiKey to factory settings and program a new PIN and fingerprint using the authenticator app for Linux.
- Re-enroll the YubiKey as a passkey from go.netflix.com/newpasskey.
Duo Authentication May Appear Even Though You’ve Enrolled in Passwordless
You may be prompted with a Duo authentication window when attempting to log in to a Netflix application (i.e., Whitepages) if you have just enrolled in passwordless or if you have been enrolled for some time.
If you encounter this, refresh the page where the Duo authentication window appears, and you should be prompted to use one of your passkeys or the desired application will load.
iCloud Keychain Doesn’t Show as an Option for Enrollment
iCloud Keychain on your macOS and iOS devices will need to be signed in to your Apple ID and have certain settings applied in order for iCloud Keychain to become a selectable option. Your Mac will need to be on the latest version of macOS. Follow the steps here to update your macOS.
To enable iCloud Keychain settings on your Mac, follow the steps below.
- On your Mac, visit System Settings.
- Select your Apple ID.
- Select Sign-in & Security.
- Select Two-factor Authentication.
- Set to On if it's not already.
- Go back to Apple ID, select iCloud, and ensure that Passwords & Keychain is set to On.
- In the same setting, click into Passwords & Keychain and confirm that Sync this Mac is set to On.
- Repeat the same exact steps on your iPhone.
- Revisit go.netflix.com/oktaenroll to start the enrollment workflow.
The AutoFill Passwords and Passkeys option is disabled
When setting up a mobile passkey for your iOS device, you may be directed to the Password Options menu. Follow these steps:
- Visit Settings.
- Select Passwords.
- If prompted, authenticate with your Face ID or passcode.
- Select Password Options.
- Set AutoFill Passwords and Passkeys to On.
Samsung: Google could not verify that this account belongs to you
- Navigate to Settings, then Google and Google Services.
- Select Work profile.
- Select Autofill password and enable Use autofill with Google.
Arc Browser
The Arc browser is not supported for Okta. You can see the supported platforms, browsers, and operating systems here.
Arc is not supported by Okta at this moment. You'll be unable to use Touch ID or WebAuthn passkeys. Currently, Google Chrome and Safari (v 15.4 or later, on macOS 12.3.1 or later) support Apple Touch ID as a WebAuthn factor and can be used to log into Okta. After enrolling only into WebAuthn using Apple Touch ID, users on browsers other than Chrome on macOS may get a browser pop-up asking them to insert the security key. You can try using a security key instead so you can just tap the key instead of using mobile. Place an order at go.netflix.com/yubikeyrequest.
If you don't see your issue here, reach out to #ntech-help for further support.
If you have any feedback regarding the Passwordless initiative, share your thoughts with us at go.netflix.com/passwordless-feedback.
| End User & Agent facing Article |
Support and Administer Okta Passwordless
Glossary
- Okta is a single-sign-on (SSO) provider and software-as-a-service (SaaS) product.
- An authenticator, authentication factor, or factor is an identity-proving mechanism used to log in. When logging in, users utilize one of their registered authenticators, including passkeys, such as YubiKeys, and the Okta Verify application.
- A passkey is a type of authenticator, also known as a security key, biometric authenticator, or WebAuthn factor. Passkeys can exist on YubiKeys, be saved by the device’s platform (Windows Hello, macOS or iOS Keychain, the Android OS), or live in password managers (1Password).
- Okta Verify is an application developed by Okta that can be registered as an authenticator. It has both desktop (macOS and Windows) and mobile (iOS and Android) versions.
- Okta FastPass is a login flow that uses the Okta Verify app to authenticate users. We currently recommend using this just in the VPN client on macOS; use passkeys everywhere else.
- User verification refers to confirmation of a user’s identity to unlock a passkey, such as a biometric (TouchID or FaceID) confirmation or typing a PIN to unlock a YubiKey. Authentication with Okta will sometimes, but not always, require user verification.
Okta Passwordless Migration Video Transcription
All right. This is going to be a walkthrough of what the passwordless migration testing is going to look like.
In my demo, I'm going to be using a MacBook. You'll want to make sure that your Touch ID is set up and that you have your phone nearby. This test environment also requires VPN.
The first thing that we're going to do is make sure that we connect to the VPN. And once we're successfully connected, we're going to go into the test environment here.
This first page is going to give us a little preview of what to expect. We're no longer using Duo. Instead, we're going to use Touch ID, Windows Hello, and Face ID when logging in. It will also give us a little preview of how long this would take and what you would need if your screen was closed, for example.
When we're ready, we're going to hit Let's Start at the bottom. And this is going to go through a little survey to help it understand what our current setup is to find the best methods for us to set up with passwordless.
This is a device that I'm using, and it is a Mac, and we're going to go through this. I will be using an iPhone to set this up. And this asks to see if you have any other devices that you would need to set up later on. For this, I'm only going to be using my computer and phone. And after the survey, it's going to give us the recommendations for the methods that we should be setting up.
When we're ready, we're going to hit Continue to Instructions. And the first thing that it suggested for me to set up is a Chrome passkey. This is going to give a preview of what it will look like. And when we get to the create passkey selection, we're going to use your Chrome profile.
When we're ready, we're going to open up Okta. We're going to hit Set up. Hit Set up again. And we're going to select Your Chrome profile. Verify that this is my email. And we're going to hit Continue. And then we're going to use that Touch ID to verify. And from there, we're good to go with the Chrome passkey.
We're going to move on to the next setup method, which is the passkey on my phone. It's going to walk us through the process, what it will look like. And when we get to the passkey creation prompt, we're going to select Use a phone for this method.
We're going to hit Open Okta again. And this is going to ask for Touch ID because we set up that previous method. We're going to hit Set up. Hit Set up again. And this time, we're going to Use a phone. And once this QR code opens up on your phone, you're going to want to open up the camera app and scan that QR code. Once it's connecting and it says “Follow the steps on your device” on your phone, it's going to ask for you to verify with Face ID. In my example, I'm using an iPhone.
After I hit Continue and verify that it is me, it signs me in. And this will confirm that we completed the step.
We're going to hit Continue for the last setup method.
For the last one, it's going to walk us through how to set up the Okta FastPass. This will walk us through how to install the Okta Verify app, and if you have additional devices to set up, it will walk you through the additional steps, as well.
I actually already have the Okta Verify app installed. I'm going to open it up, and we're going to hit Get Started. Hit Next. And this is the URL that we're going to want to connect to to get to our account. We're going to hit Next. And what it's going to do is open up in our browser to verify that it's us, it's our account. Use the Touch ID.
Once we're signed in, it'll ask you to enable Touch ID here. We're going to Enable it. And this will tell us that it's good to go. It's connected. And this will show our account is successfully connected to Okta.
We're going to close this out. And we're going to hit Finish enrollment here. And this is it for the process.
Now to verify that everything was successfully set up, we're going to go back to that Passwordless Migration Testing doc and scroll all the way to the bottom. We're going to go to the staging link for Okta. This dashboard is where we're going to go to make sure that all of our methods were successfully set up.
We're going to authenticate and log into that portal. And we're going to go to the account up on the top right. Hit Settings. And under Security Methods here, if your screen is a little smaller, you might see it all the way at the bottom, but this will tell you that all your Security Methods were successfully set up.
You can see here that the Chrome passkey was set up about two, three minutes ago and everything should be good to go.
Once you verify that everything is good, we're going to go back to that Passwordless Migration Testing doc and copy this URL here. Paste it. And this reset link is going to reset our Okta account in the test environment so we can continue to test other types of devices and setups. Yep. So that's it.
Requirements for Enrolling
Most users will have authenticators ready and available in their platform, like Windows Hello and macOS TouchID. However, there are a number of corner cases described here along with some recommendations.
Hard Requirements for a Successful Enrollment:
- Check your device is enrolled in Endpoint Management.
- Verify your phone and computer’s operating systems are up to date with the latest version.
- Ensure Google Chrome is up to date.
- In Google Chrome, visit chrome://extensions and disable any ad blockers.
- In iOS, ensure AutoFill Passwords and Passkeys is set to On.
  - On your iOS device, select Settings, then Passwords, Password Options to ensure AutoFill Passwords and Passkeys is set to On.
- iCloud users only:
  - iCloud Keychain is enabled and sync is turned on for macOS and iOS devices.
- Ensure these Mac and iPhone settings are on:
  - On your Mac, select System Settings, then AppleID, Sign-in & Security, Two-factor Authentication. Is this set to On?
  - On your Mac, select System Settings, then AppleID, Sign-in & Security, iCloud. Is Passwords & Keychain set to On?
  - In the same setting, if you click into it, is Sync this Mac set to On?
  - On your mobile device, confirm all the settings are the same.
macOS
The macOS Ivanti VPN client is not able to use passkeys and requires Okta Verify. Okta Verify on macOS authenticates with either Touch ID or the macOS system password—the same password the user uses to unlock their MacBook—when not using Touch ID. Users who prefer the biometric option but cannot use the built-in Touch ID sensor, due to a closed lid or being on a desktop, have the option to purchase and expense an Apple Magic Keyboard with Touch ID.
Windows
Users need to be able to verify their identity with Windows Hello. This requires a PC with a PIN verification option, but fingerprint and facial ID are recommended for better user experience.
Desktop users or users who need an option when their laptop is docked can purchase and expense any fingerprint reader that supports Windows Hello, such as this one.
Linux
On Linux, the only supported passwordless authenticator is a YubiKey. A YubiKey Bio is the only supported way to perform passwordless login in the VPN client on Linux, so if you choose to use Linux and you must access VPN, acquire and set up a YubiKey Bio before enrollment. Note that during the YubiKey Bio enrollment, you will first be asked to set up a PIN for the security key. You will also be given the option to set up a fingerprint, but you are not required to do so.
YubiKeys
Regardless of the platform, the YubiKey must be a version that supports FIDO2, not U2F or the previous FIDO protocol. Series 5, the Security Key series, and the YubiKey Bio series support this.
Check a YubiKey’s version by visiting https://yubico.com/genuine.
Request a YubiKey from the N-Tech Helpdesk Form.
iOS and Android
All supported iOS and Android devices work with Okta Passwordless without any additional hardware.
Troubleshooting Resources and Escalation Paths
Use the Okta Passwordless Jira Dashboard to easily find out if there's a Jira related to your user's issue.
Refer to the Identity and Sign On FAQ for the most recent troubleshooting guidance from the Identity team.
Checking user’s current multi-factor authentication (MFA) provider
- Navigate to Access Control Hub.
- Select the Mfa tab to check if a user is enrolled with the Okta provider under Overview.
  - Most workforce users will be on Duo until they’ve completed enrollment.
Viewing Okta Logs
Okta account activity has been configured to feed events into Elastic Search via a backend application called oktastreams. These activity events can be viewed by visiting the go/oktalogs dashboard. This link will display the event logs for both WIC (Workforce Identity Cloud) and CIC (Customer Identity Cloud).
Viewing more detailed, user-specific Okta activity is possible and can be very useful. Having access to this information can help pinpoint a user issue or irregular activity related to an Okta account. To do this:
- Connect to full tunnel VPN.
  - go/oktalogs can be accessed when connected to split tunnel VPN, but full tunnel VPN is needed for Okta Admin. Full tunnel is being suggested to streamline the workflow and reduce connecting to multiple VPN endpoints.
- Visit go/oktalogs.
- Enter the email address of the user in the Search field, in between quotation marks.
- Enter the relevant time frame in Show dates.
The populated results from the saved filter will display key information in these fields:
- Time - the time the event occurred; the displayed time is specific to your region.
- actor.displayName - the name of the user account or system application that performed the action
- debug_data.challengeAuthenticatorsList - the configured authenticators associated with the Okta account
- debug_data.factor - the authenticator used to authenticate
- client-userAgent.os - the reported operating system the user is performing this action on
- event_type - the reported event the Okta account is recording at that moment
  - These event types are standardized from Okta. More details about them can be found on the Okta developer site.
- outcome.reason - the displayed reason for the associated outcome
- outcome.result - the result of the associated log event
If the issue is related to the Okta Verify application, collect the user's Okta Verify logs.
Viewing Okta Groups
TES and TEDS can view Okta Groups within Okta Admin, which can be helpful for determining an end user's passwordless enrollment status and how they authenticate into Netflix applications.
Within Okta Admin, access Okta Groups in one of two ways:
- Select Groups. Select the appropriate Okta Group to review the members inside that group.
- Search for the user using their name or email, then select the correct user profile. When the user profile loads, the Okta Groups they are in will appear.
These are the functions of the current Okta Groups:
- New Hires: This group includes users who are denied access to all single-sign-on applications because they have not completed the Out of Box Experience (OOBE) activation workflow. When they complete this workflow, they are transferred to the Okta MFA Users group.
- Allow Password 1FA Logins: Users in this group can authenticate using only their Pandora password. It is currently populated with Netflix Animation Above the Line (ATL) talent.
- Okta MFA Users—Pre-Enrollment: This group consists of users who are in the middle of passwordless enrollment and may have abandoned the process. If they encounter an "Unable to sign-in" message, they should complete passwordless enrollment at ssoenroll.prod.netflix.net. If the affected user is a new hire, they should visit ssoactivate.prod.netflix.net.
- Okta MFA Users plus Okta Passwordless Push Users: These users are prompted to use Push authentication. Ensure Okta Verify is set up as an authenticator on their mobile device.
- Okta MFA Users: This group includes users who have completed enrollment or activation and are prompted to use passwordless authentication.
Self-service account recovery
As long as a user has access to any device (be it their phone, a laptop, or YubiKey) that has previously registered a passkey, the user can self-service their account from https://wic.prod.netflix.net/enduser/settings and set up new devices and authenticators.
In most account recovery cases when a user reaches out to N-Tech via email or Slack, they’re presumably using a device where they previously logged in and therefore have a passkey on that device.
Account recovery facilitated by an admin is only needed if the user lost access to all their devices—phone, laptop, and any registered YubiKeys.
Resetting user authenticators
Tier 1 Okta admin permissions allow NTE agents to reset authenticators for user accounts.
Use these steps to troubleshoot single authenticators or reset all of them if a user lost access to every authenticator and device or needs to restart the enrollment process.
- Verify you are connected to Full Tunnel VPN.
- Navigate to https://wic.prod.netflix.net/.
- Select Admin.
- Search for the affected user by their email address.
- Select Reset authenticators.
  - A list will pop up showing the available authenticators that the user enrolled.
- Select the authenticator to reset and select Reset selected authenticators.
Note: Do not use Enroll FIDO2 security key to remotely support a user. This can only be actioned in person.
Rolling a user back to Duo
If a user needs to be rolled back, it is important to capture context about why, so teams can work on resolving underlying issues and we can circle back with impacted users when those issues have been resolved.
- Fill out the user's details on this sheet.
- Navigate to Passwordless Enrollment Management.
- Search for the user via Name or Email address.
- Select the appropriate user.
- In the MFA Application drop-down, change the application to Duo.
- Select Save.
- Direct the user to self-service enroll again via the Okta Enrollment page.
Note: You must be a member of the PAN-pandora-accounts-ui-mgmt policy to access this interface.
Rolling an Animation user back to MFA
If a user needs to be rolled back, it is important to capture context about why, so teams can work on resolving underlying issues and we can circle back with impacted users when those issues have been resolved.
- Fill out the user's details on this sheet.
- Navigate to Passwordless Enrollment Management.
- Search for the user via Name or Email address.
- Select the appropriate user.
- In the MFA Application drop-down, change the application to Netflix Partner (Netflix Partner application - Required enrollment).
- Select Save.
- Direct the user to self-service enroll again via the Okta Enrollment page.
Note: You must be a member of the PAN-pandora-accounts-ui-mgmt policy to access this interface.
Removing user from forced enrollment group
Unblock a user who's being forced to migrate to Okta. They'll need to be unblocked to enroll or be rolled back to Duo.
- Navigate to the Access Control Hub.
- Change the Search option to Groups.
- Enter okta-passwordless-forced-migration.
- Select the group.
- Locate the user.
- In Actions, select the ⋮ icon.
- Select Delete.
HRCs: Travellers blocked from Sign-in
If the user is planning to travel to a high-risk country (HRC), they must get VP approval by submitting this form before their trip. Once approved, they’ll be automatically added to the exception group and removed on their return. This process applies to users from these domains: netflixcontractors.com, netflixanimation.com and netflixvfx.com.
If they need urgent access and do not have pre-travel approval, they need to contact Workforce Security at #security-help for assistance.
If they already have approval but cannot access required resources, follow these steps to give them access:
- Verify that the user is connecting from a high-risk country.
- You can check this in Okta Logs by looking at the client.geographicalContext.country field.
- Verify login blockage in Okta Logs - look for the error "Sign-on policy evaluation resulted in DENIED".
- Confirm user is already approved by checking in this sheet.
- Add the user to the Pandora group. When adding the user, set a TTL (time to live) to ensure the exemption is temporary.
If you are unable to add the user or need assistance:
- Create a new thread in #security-help.
- Include the affected user's email address.
- The Security team can add the user to the Pandora group to restore access.
If they are a Netflix Partner user, they need to request to join the Claire exception group by posting in #nps. No other approval is needed unless the system changes to Passwordless login.
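The log review described in Viewing Okta Logs and the two HRC verification steps above can be expressed as one triage pass over exported events. This is an added example, not Netflix's or Okta's tooling; the flat record layout, the `actor.alternateId` email field, the country names and all sample values are assumptions constructed for illustration.

```python
from collections import Counter

# Error text quoted in the article for a blocked high-risk-country sign-in.
DENIED_REASON = "Sign-on policy evaluation resulted in DENIED"

# Constructed sample records, not real logs. Field names are the ones the article
# lists; "actor.alternateId" (assumed to hold the email), the country names and
# every value are made up for illustration.
SAMPLE_EVENTS = [
    {"Time": "2024-05-01T09:00:03Z", "actor.displayName": "Sam Example",
     "actor.alternateId": "sam@example.com",
     "event_type": "user.authentication.auth_via_mfa",
     "debug_data.factor": "FIDO_WEBAUTHN", "client-userAgent.os": "Mac OS X",
     "client.geographicalContext.country": "Homeland",
     "outcome.result": "SUCCESS", "outcome.reason": ""},
    {"Time": "2024-05-02T07:41:55Z", "actor.displayName": "Sam Example",
     "actor.alternateId": "sam@example.com",
     "event_type": "user.authentication.auth_via_mfa",
     "debug_data.factor": "SIGNED_NONCE", "client-userAgent.os": "Mac OS X",
     "client.geographicalContext.country": "Homeland",
     "outcome.result": "FAILURE", "outcome.reason": "User verification required"},
    {"Time": "2024-05-03T18:22:10Z", "actor.displayName": "Sam Example",
     "actor.alternateId": "sam@example.com",
     "event_type": "policy.evaluate_sign_on", "client-userAgent.os": "iOS",
     "client.geographicalContext.country": "Examplestan",
     "outcome.result": "DENY", "outcome.reason": DENIED_REASON},
    {"Time": "2024-05-03T18:25:00Z", "actor.displayName": "Pat Example",
     "actor.alternateId": "pat@example.com",
     "event_type": "policy.evaluate_sign_on", "client-userAgent.os": "Android",
     "client.geographicalContext.country": "Examplestan",
     "outcome.result": "DENY", "outcome.reason": DENIED_REASON},
]


def events_for_user(events, email):
    """Mimic the dashboard's quoted-email search: exact match on any string field."""
    return [e for e in events
            if any(v == email for v in e.values() if isinstance(v, str))]


def triage(events, email, high_risk_countries):
    """Summarise one user's events the way the two procedures read them."""
    mine = sorted(events_for_user(events, email), key=lambda e: e["Time"])
    # Which authenticators actually worked for this user.
    succeeded = Counter(
        e["debug_data.factor"] for e in mine
        if e.get("outcome.result") == "SUCCESS" and e.get("debug_data.factor"))
    # Everything that did not succeed, with the fields an agent reads first.
    failures = [
        {"time": e["Time"], "event_type": e.get("event_type"),
         "factor": e.get("debug_data.factor"), "os": e.get("client-userAgent.os"),
         "reason": e.get("outcome.reason") or ""}
        for e in mine if e.get("outcome.result") != "SUCCESS"]
    # HRC check: the denial text and the country must appear on the same event.
    hrc_denials = [
        e["Time"] for e in mine
        if DENIED_REASON in (e.get("outcome.reason") or "")
        and e.get("client.geographicalContext.country") in high_risk_countries]
    return {"factors_succeeded": dict(succeeded), "failures": failures,
            "hrc_denials": hrc_denials, "hrc_block_confirmed": bool(hrc_denials)}


if __name__ == "__main__":
    report = triage(SAMPLE_EVENTS, "sam@example.com", {"Examplestan"})
    for key, value in report.items():
        print(key, "->", value)
```

The set of high-risk countries is passed in by the caller because the article does not list them.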
Escalate to IAS and Page in #security-help
To unblock the user, roll them back to Duo while Identity and AuthN Security (IAS) is looped in.
IAS has a standard one-hour service level agreement (SLA) during PST hours for acknowledgement for on-call.
- Page the IAS on-call from the #security-help channel.
- Use the /page command.
  - Instructions for paging are also pinned in the #security-help channel.
- Provide as much detail as possible.
  - Verify what authenticators the user has registered in the Pandora accounts management UI.
  - Verify with the user they are unable to log into the Okta dashboard with any of them.
Manual Installers for Okta Verify
macOS
Windows
Common Enrollment Issues
Android: Which camera application should be used to enroll?
Enrollment with Android devices to scan QR codes is best used with the Pixel Camera, Google Camera, or QR Scanner. The application must be installed within the work profile if you have multiple profiles.
Choose where to save this passkey versus Create a passkey prompt
Windows users starting enrollment will notice the sample cards stating Create Passkey. When going through the actual enrollment, the Windows modal window will actually state Choose where to save this passkey. The verbiage is different, but the actions are the same. Users can proceed to save the iPhone, iPad, Android passkey or Security Key when prompted to.
User cannot log into wic.prod.netflix.net
Check they've completed the initial enrollment at https://ssoenroll.prod.netflix.net.
Once they’re fully enrolled, manage their authenticators by logging into https://wic.prod.netflix.net.
User isn’t presented with the option to use their phone during step 2 of enrollment
If Bluetooth is not enabled, Chrome will not present an option to use a phone or tablet when adding another device. Double-check Bluetooth is enabled and Chrome has permission to use Bluetooth.
Bluetooth might not be available on desktops.
Mac:
- Navigate to System settings.
- Select Privacy & security.
- Select Bluetooth.
- Toggle on Google Chrome.
Windows:
- Select Start.
- Select Settings.
- Select Bluetooth & devices.
- Turn Bluetooth on.
User’s enrolled passkeys or devices are out of order
Initial enrollment only confirms a user added two authenticators before switching them to Okta as their MFA provider. If a user has a YubiKey, they sometimes register their YubiKey and a passkey on their laptop but never add their mobile device.
If something isn’t working, double-check the user enrolled a passkey on the device they’re using, not a different device.
Additional authenticators can always be added after initial enrollment. Instructions are in the enrollment documentation.
User cannot set up a YubiKey
Their YubiKey must be a version that supports FIDO2. Check a YubiKey’s version by visiting https://yubico.com/genuine.
Common Post-Enrollment Issues
Users can’t log in with a YubiKey
This may be because the user did not set a PIN on the YubiKey or enrolled it with Okta before setting the PIN. In either case, make sure a PIN has been set on the YubiKey and then remove it from and re-enroll it with Okta.
User is in some sort of login loop
This usually means that the user is using Okta FastPass somewhere that’s not supported, or that Okta user verification is required but it’s being (silently) skipped, usually because Touch ID is not available and the laptop lid is closed.
Unless the user is logging into VPN on a MacBook, verify that the user is logging in using a passkey rather than Okta Verify or Okta FastPass. There are a number of cases where Okta FastPass is known to not work, but the user-visible result is just to be re-prompted to pick an authenticator rather than displaying an error. Since this is a known issue, we are not currently recommending that users install Okta Verify beyond installing it on MacBooks to use with VPN.
If the user is logging into VPN on a macOS laptop, they must use Okta FastPass.
In either case, make sure that Touch ID is available—that the laptop lid is not closed. If Touch ID is not available, both passkeys and Okta FastPass may attempt to complete authentication without Touch ID—that is, without supplying user verification. This can lead to the opaque result of Okta simply prompting the user to try another factor rather than making it clear that the user needs to pick a factor that can perform user verification.
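What "completing authentication without user verification" looks like in a WebAuthn assertion, as an added example that is not Okta's or Netflix's code: the authenticator reports user presence and user verification as separate flag bits, so a server that requires verification can only re-prompt when presence alone is set. The RP ID `login.example.com` and the outcome strings are constructed; the 37-byte header layout is the one defined in the WebAuthn specification.

```python
import hashlib
import struct

FLAG_UP = 0x01  # bit 0: user present (a touch or tap)
FLAG_UV = 0x04  # bit 2: user verified (biometric or PIN accepted)

RP_ID = "login.example.com"  # constructed relying-party ID, not a real deployment


def parse_authenticator_data(auth_data: bytes) -> dict:
    """Split the fixed header: rpIdHash (32 bytes) | flags (1) | signCount (4, big-endian)."""
    if len(auth_data) < 37:
        raise ValueError("authenticator data shorter than 37 bytes")
    rp_id_hash, flags, sign_count = struct.unpack(">32sBI", auth_data[:37])
    return {"rp_id_hash": rp_id_hash,
            "user_present": bool(flags & FLAG_UP),
            "user_verified": bool(flags & FLAG_UV),
            "sign_count": sign_count}


def evaluate(auth_data: bytes, expected_rp_id: str, require_uv: bool) -> str:
    """Relying-party checks on the header fields; signature verification is a separate step."""
    try:
        parsed = parse_authenticator_data(auth_data)
    except ValueError:
        return "reject: malformed authenticator data"
    # The authenticator hashes the site it was asked to sign for, which is why a
    # look-alike domain cannot reuse the assertion.
    if parsed["rp_id_hash"] != hashlib.sha256(expected_rp_id.encode()).digest():
        return "reject: assertion was made for a different site"
    if not parsed["user_present"]:
        return "reject: user not present"
    # Presence without verification: the closed-lid case described above.
    if require_uv and not parsed["user_verified"]:
        return "retry: pick an authenticator that can verify the user"
    return "accept"


def sample_authenticator_data(rp_id: str, flags: int, sign_count: int = 1) -> bytes:
    """Build constructed test input; a real authenticator produces these bytes."""
    return hashlib.sha256(rp_id.encode()).digest() + struct.pack(">BI", flags, sign_count)


if __name__ == "__main__":
    lid_open = sample_authenticator_data(RP_ID, FLAG_UP | FLAG_UV)
    lid_closed = sample_authenticator_data(RP_ID, FLAG_UP)
    print("Touch ID available, UV required :", evaluate(lid_open, RP_ID, True))
    print("Lid closed, UV required         :", evaluate(lid_closed, RP_ID, True))
    print("Lid closed, UV not required     :", evaluate(lid_closed, RP_ID, False))
    print("Assertion for another site      :", evaluate(lid_open, "login.example.net", True))
```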
No passkey is found when logging in on an Android phone
Passkeys that get added to a personal profile on an Android device are not available to apps in a work profile and vice versa. Unfortunately, Android does not provide strong UI signals about which profile a passkey is getting added to when it's created, so it’s pretty easy to unintentionally create a passkey under a personal profile instead of a work profile.
If this error is occurring when users log in using an app in their work profile, try going through the steps of adding a mobile passkey, but make sure they use a camera app under their work profile, which may have to be installed from the Play store.
If this error is occurring when they’re logging in using an app in their personal profile, install the app on their work profile or create an additional passkey under their personal profile by adding a mobile device and using the camera app under the personal profile to scan the QR code.
Okta Verify isn’t launching
Related Jira: NFLXTECH-5314
The user may have a lot of apps running from the menu bar. Additional apps can get hidden behind the camera icon. Have the user close the apps, and Okta Verify should display. Select Okta Verify to launch the window.
This site can’t provide a secure connection
Related Jira: NFLXTECH-3916
- Copy and paste chrome://net-internals/#hsts into your browser.
- In Delete domain security policies, enter localhost and select Delete.
Office 365 on macOS not prompting to authenticate with Okta Verify
This may occur because a macOS computer is missing a specific profile named Okta Single Sign On. To confirm the user has this profile installed, have the user follow these steps:
- Open System Settings on macOS.
- Select Privacy & Security.
- Select Profiles.
These actions will display a list of installed profiles for the Netflix-managed macOS computer. If the Okta Single Sign On profile does not exist, the enrolled computer likely will need to have updated profiles installed.
To install the updated profiles, the user will need to:
- Open Terminal.
- Type sudo profiles renew -type enrollment.
- Enter the computer login password.
These steps will install the missing profiles, which include Okta Single Sign On. When installation is confirmed, the user should be able to open Office 365 and be prompted to use Okta Verify for authentication.
User cannot authenticate when logging into PIX
A user being unable to authenticate via Okta when signing into the PIX desktop application is a known issue; Okta’s documentation notes that it doesn’t support embedded browsers.
For users who are not able to launch Okta Verify to complete authentication for the desktop application, use the web application or download the latest version of PIX.
Linux
Authentication window hangs when adding a YubiKey
Related Jira: NFLXTECH-5380
- Retry adding the YubiKey and wait a few minutes.
- Check the Bluetooth settings. Some configurations may delay the authentication process.
- Keep the mobile device close to the computer and, if possible, remove the case.
- Reboot the mobile device.
- If using an external Bluetooth adapter, try another adapter if available.
Authentication Error: The operation either timed out or was not allowed
Related Jira: NFLXTECH-7120
- Restart the browser completely.
- Clear the browser cache.
- Restart the system.
DION: wic.prod.netflix.net wants to authenticate you using a registered security key. You can connect and authorize a new one now or cancel.
Related Jira: NFLXTECH-5446
Make sure users are following the instructions in Dion as Netflix VPN Router.