Post-upgrade tasks

After your upgrade to Identity Engine, Okta recommends that you validate specific features. Refrain from modifying any other settings for at least one week to reduce potential conflicts.

If you used Device Trust in Classic Engine, complete this task: Replace Desktop Device Trust with Okta FastPass.

Validate that your org performs as expected after the upgrade is complete:

Validation type Description
General post-upgrade check Test single sign-on with at least five applications

Test the login flows with test users to validate sign-in experience

Validate that MFA authentication works as expected (such as Email and Phone)

Validate your enabled authenticators at Security > Authenticators

Check global session policy settings. If you select Any factor used to meet the Authentication Policy requirements but clear the Require secondary factor checkbox, adjust the applications that call Okta APIs. They expect a secondary factor.

Check authentication policies for the Okta End-User Dashboard and Okta Admin Console

Verify Device Trust configurations under device integrations

Verify that Global Protect is set to the default browser, not Captive Portal


After a week has elapsed, validate that each action performs as expected:

Validation type Description
One-week validation check

Changing global session policies. For custom-coded authentication, see Developer Docs for Identity Engine.

Changing authentication policies

Adding or removing new authenticators

Modifying or adding new authenticator enrollment policy

Modifying password recovery options

Enabling new functionality: Okta FastPass, Device Trust v2, Profile Enrollment.