Improved New Device Behavior Detection

This is an Early Access feature. To enable it, use the Early Access Feature Manager as described in Manage Early Access and Beta features.

 

Improved New Device Behavior Detection supports browsers that store HTTP cookies. Device behavior detection is based on data passed from a web browser and a trusted application. See Security Behavior Detection for more information about securing your org based on end-user activity and behavior.

 

Info

For accurate detection without this feature enabled, enable the security image in the Admin Console by navigating to Admin > Settings > Customization > Optional User Account Fields > Security Image.

 

Web browsers

  • Web browsers that do not store HTTP cookies result in detection with limited accuracy.
  • If Improved New Device Behavior Detection is enabled for your org, sign-in activity from a device using a browser without an HTTP cookie is treated as a new device.

 

Trusted applications

Trusted applications are responsible for identifying devices as part of new device detection.

  • If Improved New Device Behavior Detection is enabled for your org, you can send a unique identifier for each device using deviceToken in the context object. See Authentication context object.
    • Sign-in activity from a device is identified as a new device when the unique identifier is not sent by a trusted application.
  • If Improved New Device Behavior Detection is not enabled for your org, you can send a unique identifier for each device using the X-DEVICE-FINGERPRINT header. See Primary authentication with device fingerprinting.

To learn how to generate a unique identifier, see Device fingerprint best practices.
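The following added example (not Okta's code) sketches how a trusted application could keep one stable identifier per device and send it as deviceToken in the context object. The function names, the storage path, the 32-character random hex format, and the use of the /api/v1/authn endpoint with an SSWS API token are assumptions that do not come from this page; check them against the Authentication API reference.

```python
import json
import os
import secrets
import tempfile
import urllib.request

HEX = set("0123456789abcdef")

def load_or_create_device_token(path):
    """Return this device's persisted identifier, creating it on first use.

    A missing or malformed file yields a fresh token, which means the next
    sign-in is evaluated as coming from a new device.
    """
    try:
        with open(path, "r", encoding="ascii") as fh:
            token = fh.read().strip()
        if len(token) == 32 and set(token) <= HEX:
            return token
    except (FileNotFoundError, UnicodeDecodeError):
        pass
    token = secrets.token_hex(16)  # 128 random bits, 32 hex chars (assumed format)
    # Owner-only permissions on creation: the value identifies the device.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w", encoding="ascii") as fh:
        fh.write(token)
    return token

def build_authn_request(org_url, api_token, username, password, device_token):
    """Build (without sending) a sign-in request carrying context.deviceToken."""
    body = {
        "username": username,
        "password": password,
        "context": {"deviceToken": device_token},
    }
    return urllib.request.Request(
        org_url.rstrip("/") + "/api/v1/authn",  # assumed endpoint
        data=json.dumps(body).encode("utf-8"),
        headers={"Accept": "application/json",
                 "Content-Type": "application/json",
                 "Authorization": "SSWS " + api_token},  # trusted-app API token
        method="POST",
    )

if __name__ == "__main__":
    # Constructed sample values; nothing is sent over the network.
    store = os.path.join(tempfile.mkdtemp(), "device_id")
    req = build_authn_request("https://example.okta.com", "API_TOKEN_PLACEHOLDER",
                              "user@example.com", "password-placeholder",
                              load_or_create_device_token(store))
    print(req.full_url, json.loads(req.data)["context"])
```

If the stored identifier is lost or regenerated on every sign-in, each sign-in is evaluated as a new device, so store it somewhere that survives restarts and updates of the application.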

 

Note about browser fingerprints

Okta is gradually phasing out JavaScript fingerprinting and transitioning to a cookie-based approach.

  • Web browser vendors such as Apple and Mozilla are reducing fingerprint accuracy in their browsers. As a result, browser fingerprinting provides only best-effort accuracy.
  • The same browser fingerprint may be sent from multiple devices. The browser fingerprint may change over time.

  • If new device behavior detection relies solely on browser fingerprinting, Okta recommends using new device behavior detection together with new IP behavior detection. Using both together could reduce false negatives.

 
