When a user adds a new MFA device using TOTP (such as “Google Authenticator”) the secret should be displayed in a manner that the user can copy-paste the secret into their preferred authenticator application.
Currently, Okta supports displaying the 2FA secret as a QR code or, in case scanning doesn’t work, as a string of characters. This string, however, can’t be copied. Users must resort to workarounds like using the browser’s web development tools to inspect the page and extract the TOTP secret. Providing a copy-paste feature would help users sign up more safely and securely.