Before you upgrade to Identity Engine, there are certain configurations you must first set up. These configurations ensure a successful upgrade, so your org has the latest Identity Engine features.
|Learn what features aren't supported.||Learn about features that are no longer supported in Identity Engine.|
|Switch to agentless Desktop Single Sign-on.||Okta IWA agent isn't supported.|
|Disable Factor Sequencing.||Identity Engine replaces Factor Sequencing with Assurance Models. These fine-grained controls increase security levels based on specific scenarios.|
|Turn off Device Trust for mobile devices.||Follow the migration steps to ensure that Device Trust continues to work after the upgrade.|
|Disable Okta Mobility Management.||Identity Engine doesn't support Okta Mobility Management.|
|Migrate to the new RADIUS app model.||Identity Engine doesn't support RADIUS legacy mode.|
|Migrate from AWS CLI to AWS SSO.||Identity Engine doesn't support AWS CLI. If your org uses this feature, migrate to the AWS SSO app in the OIN.
To determine if you use the AWS CLI, search with the following queries:
client.userAgent.rawUserAgent eq "gimme-aws-creds 2.4.3"
client.userAgent.rawUserAgent eq "saml2aws/1.0 (darwin amd64) Versent"
|Review SDK documentation.||If your org uses the Okta SDKs for authentication and you're planning to move to Okta FastPass, review the docs:|
|Disable State Token All Flows or ignore the warning.||State Token All Flows (STAF) isn't compatible with Identity Engine. If STAF is enabled in your Classic Engine org, you receive a warning. If you choose to not disable STAF, dismiss this warning and proceed with the upgrade.|