Improved New Device Behavior Detection

The Improved New Device Behavior Detection feature is a mechanism for detecting that a user is signing in from a new device.

For example, when a user receives a new laptop from their organization and signs in to Okta from it, Okta recognizes that this device hasn't been used to sign in to Okta before, and registers this device as new.

This feature analyzes data from HTTP cookies set in the browser through which the user signs in to Okta, together with device identifiers sent by trusted applications, to determine whether the device is new. Policies evaluate this data to decide whether the user must be prompted for multifactor authentication (MFA) or can sign in without MFA.

To enable this feature, contact Okta Support at support@okta.com.

See Behavior detection and evaluation for more information about securing your org based on end-user activity and behavior.

Known limitations

  • If Improved New Device Behavior Detection is enabled for your org, sign-in activity from a browser that doesn't present an HTTP cookie (for example, after the user clears cookies or signs in from a private browsing window) is still treated as a new device, but with limited accuracy.
  • Okta doesn't use data from the Improved New Device Behavior Detection feature to determine when to send an email notification for a new sign-in. In addition, a change to deviceToken or to browser cookies may not trigger a new sign-on email notification. See New sign-on notification emails in General Security and Sign-on notifications for end users.

Trusted applications

Trusted applications are responsible for identifying devices as part of new device detection.

  • If Improved New Device Behavior Detection is enabled for your org, you can send a unique identifier for each device using deviceToken in the context object. See Authentication context object.
    • Sign-in activity is evaluated as coming from a new device whenever the trusted application doesn't send the unique identifier, so the identifier must be sent consistently on every sign-in.
  • If Improved New Device Behavior Detection isn't enabled for your org, you can send a unique identifier for each device using the X-DEVICE-FINGERPRINT header. See Primary authentication with device fingerprinting.

To learn how to generate a unique identifier, see Device fingerprint best practices.
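The following Python script is an added example, not code from the Okta documentation or an Okta SDK. It shows what a trusted application has to do for the two cases above: generate a per-device identifier from the OS CSPRNG, persist it so that the same value is sent on every sign-in (a token that changes on each launch would make every sign-in look like a new device), and place it either in context.deviceToken of the /api/v1/authn request when Improved New Device Behavior Detection is enabled, or in the X-DEVICE-FINGERPRINT header when it isn't. The org URL, the storage path, the sample credentials and the 32-character token length are assumptions for illustration; the request is built but not sent.

```python
"""Generate, persist and attach a per-device identifier for Okta new device detection."""
import json
import os
import secrets
import tempfile
from pathlib import Path

# Assumed placeholder values; replace with your own org URL and storage location.
OKTA_ORG_URL = "https://example.okta.com"
DEFAULT_TOKEN_PATH = Path.home() / ".example_app" / "device_token"

HEX_DIGITS = set("0123456789abcdef")


def is_valid_device_token(token: str) -> bool:
    """Accept only the format this app generates: 32 lowercase hex characters.

    The 32-character length is an assumption made for this example; check the
    deviceToken field limits in the Authentication API reference for your org.
    """
    return len(token) == 32 and set(token) <= HEX_DIGITS


def load_or_create_device_token(path: Path = DEFAULT_TOKEN_PATH) -> str:
    """Return a stable per-device identifier, generating it on first run.

    Stability matters: if the token changed on every launch, every sign-in would be
    evaluated as a new device. Uniqueness matters too: the value comes from the OS
    CSPRNG rather than from hardware or user attributes that several devices share.
    """
    if path.exists():
        existing = path.read_text(encoding="utf-8").strip()
        if is_valid_device_token(existing):
            return existing
        # Corrupted or foreign content: fall through and replace it with a fresh token.
    token = secrets.token_hex(16)  # 128 bits of randomness, 32 hex characters
    path.parent.mkdir(parents=True, exist_ok=True)
    # Owner-only permissions so other local users cannot read or reuse the token.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as f:
        f.write(token)
    return token


def build_primary_auth_request(username, password, device_token, improved_detection_enabled):
    """Build the /api/v1/authn request that carries the device identifier.

    Returns (url, headers, body). With Improved New Device Behavior Detection enabled
    the identifier goes in context.deviceToken; otherwise it goes in the
    X-DEVICE-FINGERPRINT header. The request is only built here, not sent.
    """
    url = f"{OKTA_ORG_URL}/api/v1/authn"
    headers = {"Accept": "application/json", "Content-Type": "application/json"}
    body = {"username": username, "password": password}
    if improved_detection_enabled:
        body["context"] = {"deviceToken": device_token}
    else:
        headers["X-DEVICE-FINGERPRINT"] = device_token
    return url, headers, body


def demo_token_path() -> Path:
    """A throwaway location for demonstrations, so nothing is written under $HOME."""
    return Path(tempfile.mkdtemp()) / "device_token"


def token_is_stable_across_runs(path: Path) -> bool:
    """Self-check: two loads from the same path must yield the same valid token."""
    first = load_or_create_device_token(path)
    second = load_or_create_device_token(path)
    return first == second and is_valid_device_token(first)


if __name__ == "__main__":
    path = demo_token_path()
    token = load_or_create_device_token(path)
    print("stable across runs:", token_is_stable_across_runs(path))
    for enabled in (True, False):
        url, headers, body = build_primary_auth_request(
            "alice@example.com", "correct horse battery staple", token, enabled
        )
        print(f"improved detection enabled={enabled}: POST {url}")
        print("  headers:", json.dumps(headers))
        print("  body:   ", json.dumps(body))
```

In a real deployment, keep the token in per-user storage that survives application updates (a profile directory, the OS keychain, or equivalent) rather than in a cache that gets cleared, and never derive it from values shared by several machines, such as a golden-image hostname or a product serial that imaging tools duplicate.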

Note about device detection

In the past, Okta used JavaScript-based browser fingerprinting to identify new devices. (This is browser fingerprinting, unrelated to the physical fingerprints used in biometric authentication.) The Improved New Device Behavior Detection feature no longer relies on it, for two reasons:

  • Browser fingerprinting provides only best-effort accuracy, because browser vendors such as Apple and Mozilla deliberately reduce the distinctiveness of fingerprints in their browsers.
  • A browser fingerprint is neither stable nor unique: the same browser's fingerprint can change over time (so a known device looks new), and the same fingerprint can be sent from multiple devices (so a new device looks known).

As a result, Okta recommends enabling Improved New Device Behavior Detection for more accurate detection.

Related topics

Behavior detection and evaluation

Network zones

Okta ThreatInsight