Pre-upgrade tasks
Before you upgrade to Identity Engine, there are certain configurations you must first set up. These configurations ensure a successful upgrade, so your org has the latest Identity Engine features.
| Task | Description |
| Switch to agentless Desktop Single Sign-on. | Okta IWA agent isn't supported. Migrate from Integrated Windows Authentication to agentless Desktop Single Sign-on |
| Turn off Device Trust for mobile devices. | Follow the migration steps to ensure that Device Trust continues to work after the upgrade. |
| Disable Okta Mobility Management. | Identity Engine doesn't support Okta Mobility Management. |
| Migrate from AWS CLI to AWS SSO. | Identity Engine doesn't support AWS CLI. If your org uses this feature, migrate to the AWS SSO app in the OIN. To determine if you use the AWS CLI, search with the following queries: client.userAgent.rawUserAgent eq "gimme-aws-creds 2.4.3" client.userAgent.rawUserAgent eq "saml2aws/1.0 (darwin amd64) Versent" |
| Use Sign-In Widget version 5.11.0 or later. | If you use a custom Okta-hosted sign-in page, check the Sign-in Widget version. If it's earlier than 5.11.0, upgrade to the latest version. Remove the deprecated JavaScript methods. |
| Review SDK documentation. | If your org uses the Okta SDKs for authentication and you're planning to move to Okta FastPass, review the docs: |
| Update event hook endpoints. | If your org uses an event hook endpoint that depends on the phone number field, update the endpoint to handle its new location. |
| Disable State Token All Flows or ignore the warning. | State Token All Flows (STAF) isn't compatible with Identity Engine. If STAF is enabled in your Classic Engine org, you receive a warning. If you choose to not disable STAF, dismiss this warning and proceed with the upgrade. |