1Password "QR detection failed" for Okta when QR code is visible on the screen
I can get my Okta setup to display a QR code, but when I tell 1Password to look for it I get the message "QR detection failed" even though the QR code is clearly visible on the screen and all my security options appear correct.
I can get the Okta setup to text me a URL, but neither that URL or any combination of the two codes at the end of it suffice as the OTP setup, giving "The one-time password URL is incorrect: check the URL and try again" in the OTP box.
Background:
Some time back, I had 1Password successfully configured to do 2FA for my company's Okta SSO mechanism.
Then I had a problem with my phone and IT deleted all of my Okta configs, not just the offending one.
Is there an obvious fix or workaround to get this going again?
1Password Version: 8.10.28
Extension Version: N/A
OS Version: macOS 14.3.1
Browser: N/A
Comments
-
Some Okta codes are not scannable by 1Password. Some require the use of their app and during the process the scanned code in their app is combined with a secret from within the app. This likely a huge over simplification. The URL is incorrect message would lead me to believe this is one of the codes that requires the Okta verify app. If you inspect the saved TOTP entry you'll likely see a portion of it is missing this is often a good indicator. If it's Okta verify you're trying to use it cannot be used with 1Password.
Generally speaking provided it is one that can be scanned these are the steps I suggest.
If the code is dense, you may need to increase its size. When this happens, I typically increase it twice. Can you try increasing the size of the QR code? You can do this by pressing the Command key (Control on Windows) and "+" while viewing the code in the browser. I typically have great success with this option. There are others you can try below.
- To return to the standard view size in the browser, press the Command key (Control on Windows) and 0.
Potential other options:
You can also try copying the code from the screen optionally. 1Password is able to see the code on the clipboard. I'm not sure if the code is copyable, but you might also give that a try. Right-click and use the copy image action.
Try scanning the code using 1Password in the browser by using the three vertical dots (more actions). Then click scan code.
- Lastly, ensure that you've restarted 1Password after granting any needed permissions. If not, you may be unable to scan.
- Look for our helper in the menu bar near the WiFi indicator and the clock. Right-click (Option-click) on the helper and select Quit. Wait a few seconds and then open 1Password from the Dock or the Applications folder.
0 -
Thanks. I don't understand why this used to work, but probably there has been a change in the process used by Okta. My setup is indeed for Okta Verify, so looks like I am out of luck getting that 2FA working with 1Password.
Thanks for the help!
0 -
Thank you for the reply. Can you try using the 1Password browser extension (not the desktop app) to scan the QR code instead? You can find instructions here:
Let me know if that works better. 🙂
-Dave
0 -
Alas, no joy. I attached a screenshot of what I saw. Note the entire QR code was visible, but I truncated it in the screenshot.
0 -
Thanks for the screenshot, that helps. Some of the portions of the web page that you're on are cut off in the screenshot but I think you're on the page where you're trying to add a new Okta Verify device, not a TOTP authenticator.
If you go back to your main user settings page for Okta (the URL should end with
...enduser/settings) do you see an option for Google Authenticator? It should look like this:
If you see that option then choose the Google Authenticator option (which is what Okta seems to have decided to name their TOTP option) and follow the steps until you see a QR code. Scan that QR code using 1Password.
Let me know if that works.
-Dave
0 -
It does not appear that I have such an option. Nonetheless, I am appreciating the help.
0 -
Ah that explains it, your Okta administrator likely needs to add Google Authenticator as an option before you're able to use TOTP authenticators like 1Password. If you're not the administrator then forwarding them this guide from Okta might help: Google Authenticator (MFA) | Okta (Note: This is a third-party support article from another service and not a 1Password support article.)
Let me know if there's anything else that I can help you with. 🙂
-Dave
0 -
Thanks for the help!
0 -
It's my pleasure. 🙂
-Dave
0
