Validate your upgrade

After your upgrade to Identity Engine, Okta recommends that you validate specific features. Refrain from modifying any other settings for at least one week to reduce potential conflicts.

If you used Device Trust in Classic Engine, complete this task: Replace Desktop Device Trust with Okta FastPass.

Verify that your org performs as expected after the upgrade is complete:

Validation type Description
General post-upgrade check Test single sign-on with at least five applications

Validate sign-in experience with test users

Ensure that MFA authentication works as expected (such as Email and Phone)

Validate your enabled authenticators at SecurityAuthenticators

Check global session policy settings. If you select Any factor used to meet the Authentication Policy requirements but clear the Require secondary factor checkbox, adjust the applications that call Okta APIs. They expect a secondary factor.

Check authentication policies for the Okta End-User Dashboard and Okta Admin Console

Verify Device Trust configurations under device integrations

Verify that Global Protect is set to the default browser, not Captive Portal

After one week, verify that each action performs as expected:

Validation type Description
One-week validation check

Changing global session policies. For custom-coded authentication, see Developer Docs for Identity Engine.

Changing authentication policies

Adding or removing new authenticators

Modifying or adding new authenticator enrollment policy

Modifying password recovery options

Enabling new functionality: Okta FastPass, Device Trust v2, Profile Enrollment.