When VMware Identity Manager 3.3.7 is integrated with Okta as a Third-Party Identity Provider (IdP), you may experience an issue during the login flow to downstream applications such as VMware Aria Automation. Upon redirection to the Okta login screen, multiple consecutive Okta Verify push notifications are sent to your mobile device. While the login flow eventually succeeds, the duplicate prompts cause MFA fatigue and a poor user experience.

• VMware Identity Manager 3.3.7

• VMware Aria Automation 8.18.1

• Okta (configured as Third-Party IdP)

The issue is driven by an external client-side race condition within the Okta authentication script, specifically linked to the "Send Push Automatically" feature.

Workaround: To resolve this issue, disable the auto-push behavior on the Okta side. This forces you to manually initiate the push notification ensuring the browser state is fully stable before the API call is executed.

1. Access the Okta Admin Console.

2. Navigate to Security > Authentication > Sign On.

3. Locate and select the specific Sign On Policy applied to the VMware Identity Manager and VMware Aria Automation application.

4. Edit the specific Rule enforcing MFA.

5. In the Factor Prompt or Okta Verify settings, uncheck the configuration box for Send push automatically.

6. Save and update the rule.