Device Trust for mobile devices

Learn about the changes to Device Trust for mobile devices.

This process doesn't apply to orgs that are using Workspace ONE SAML-based mobile device trust. To upgrade your Workspace ONE SAML-based mobile device trust configuration to Identity Engine, see Migrate Workspace ONE SAML-based mobile device trust.

Change summary	In Identity Engine, you must use Okta Verify to secure your mobile devices.
Admin experience	There's no automated upgrade for mobile devices. To secure your mobile devices, enable Okta FastPass in Okta Verify after the upgrade. Before you upgrade: Turn off Device Trust on mobile devices After you upgrade: Management attestation for mobile devices Managed app configurations
User experience	Users can enroll multiple devices in Okta Verify (in Classic Engine, they can enroll only one device). If the app sign-in policy has the Hardware protected constraint enabled, Okta Verify enrollments with push notifications don't work. If users already have an Okta Verify account, it continues to work. A Set up Okta FastPass button appears in the app's Account Details page. In Identity Engine, users can't add more than one Okta Verify account per org. If a user has two accounts in a Classic Engine org, both continue to work after upgrading. A Set up Okta FastPass button appears in both accounts. If the user clicks the button in the second account, an error appears.
Related topics	Device Trust for desktop devices