Device Trust

Before you upgrade to Identity Engine, consider the changes to Device Trust.

Change summary In Identity Engine, you must use Okta FastPass and Okta Verify to secure your mobile devices.
Admin experience

During the upgrade, only desktop (Windows or macOS) devices are transferred to Identity Engine. After the upgrade, you can’t modify Device Trust. In Identity Engine, Device Trust functionality continues to work as configured. However, you no longer have the administrative capability to modify or change configurations.

There’s no automated upgrade for mobile devices. To secure mobile devices, use Okta FastPass.

Review Turn off Mobile Device Trust and Replace Desktop Device Trust with Okta FastPass.

User experience
  • Users can enroll multiple devices in Okta Verify (in Classic Engine, they could enroll only one device).
  • If the authentication policy has the Hardware protected constraint enabled, Okta Verify with Push enrollments don't work.
  • If users already have an Okta Verify account, it continues to work. A Set up Okta FastPass button appears in the app's Account Details page.
  • In Identity Engine, users can't add more than one Okta Verify account per org. If a user has two accounts in a Classic Engine org, both continue to work after upgrading. A Set up Okta FastPass button appears in both accounts. If the user clicks the button in the second account, an error appears.

Related topics

Okta FastPass