" you tell the primary to use OktaSSOPri and you tell the secondary to use OktaSSOSec, those settings should stay unique after a commit and config sync" You would expect so, I agree with you. This is not the case though. If I tell the Primary to use "OktaSSOPri" and the secondary to use "OktaSSOSec" I end up with both firewalls using one or the other but not separate due to the sync process "I don't understand the use case of having different login info between an HA pair" When you use Okta for admin access, you provide the landing page, which is essentially the login page for the firewalls, since the devices have different hostnames and different management IP addresses Okta treats these as two separate profiles and generates different metadata for those profiles, this is the reason you end up needing different auth profile in the HA pair
... View more