Pre-upgrade tasks

Before you upgrade to Identity Engine, there are certain configurations you must first set up. These configurations ensure a successful upgrade, so your org has the latest Identity Engine features.

Task Description
Switch to agentless Desktop Single Sign-on. Okta IWA agent isn't supported.

Migrate from Integrated Windows Authentication to agentless Desktop Single Sign-on

Turn off Device Trust for mobile devices. Follow the migration steps to ensure that Device Trust continues to work after the upgrade.

Turn off Mobile Device Trust

Disable Okta Mobility Management. Identity Engine doesn't support Okta Mobility Management.

Disable Okta Mobility Management

Migrate from AWS CLI to AWS SSO. Identity Engine doesn't support AWS CLI. If your org uses this feature, migrate to the AWS SSO app in the OIN.

To determine if you use the AWS CLI, search with the following queries:

client.userAgent.rawUserAgent eq "gimme-aws-creds 2.4.3"

client.userAgent.rawUserAgent eq "saml2aws/1.0 (darwin amd64) Versent"

Use Sign-In Widget version 5.11.0 or later. If you use a custom Okta-hosted sign-in page, check the Sign-in Widget version. If it's earlier than 5.11.0, upgrade to the latest version. Remove the deprecated JavaScript methods.

Upgrade your widget

Deprecated JavaScript methods in the widget

Review SDK documentation. If your org uses the Okta SDKs for authentication and you're planning to move to Okta FastPass, review the docs:

Okta, Inc GitHub

Okta Identity Engine for Okta Developers

Update event hook endpoints. If your org uses an event hook endpoint that depends on the phone number field, update the endpoint to handle its new location.

Update Event hook endpoints

Disable State Token All Flows or ignore the warning. State Token All Flows (STAF) isn't compatible with Identity Engine. If STAF is enabled in your Classic Engine org, you receive a warning. If you choose to not disable STAF, dismiss this warning and proceed with the upgrade.