Okta Verify user verification settings
By configuring Okta Verify user verification options, you define how users can enroll in Okta Verify or Okta FastPass.
Android devices
|
User task |
Preferred |
Required |
Required with biometrics only |
|---|---|---|---|
|
Enrollment |
Users are prompted to enable screen lock or biometric confirmation. They can skip this step and proceed with the Okta Verify enrollment. Enrolled users can change the user verification setting from the Okta Verify Account details page. In the Security section, they can turn Screen lock confirmation on or off. On Android 10, this option is called Biometric confirmation. |
New users are prompted to enable screen lock or biometric confirmation. They can’t skip this step. If users don’t have screen lock or biometrics set up on the device, Okta Verify guides them to the Settings app to complete this configuration first. Enrolled users who didn't enable user verification receive remediation messages on the Account details page in Okta Verify:
Enrolled users can’t turn off screen lock or biometrics confirmation in Okta Verify. |
New users are prompted to enable biometric confirmation. They can’t skip this step. If users don’t have biometrics set up on the device, Okta Verify guides them to the Settings app to complete this configuration first. Devices without biometric capabilities can’t be enrolled in Okta Verify. Users receive a Device not supported message. Enrolled users who didn't enable biometrics receive a remediation message on the Account details page in Okta Verify. For example, Enable biometric confirmation. Enrolled users can’t turn off biometrics in Okta Verify. |
|
Authentication with Okta Verify Push |
Users are prompted for biometrics if they enabled this method during enrollment. |
Users are prompted for biometric confirmation. |
Users are prompted for biometric confirmation. |
|
Authentication with Okta FastPass |
Users are prompted for biometric or password confirmation according to the possession factor constraints you configured in the authentication policy. See Add an authentication policy rule.
|
||
|
Remediation |
If user verification settings in Okta Verify are out of sync with the device settings, users receive remediation messages during the authentication flow. For example, Enable biometric confirmation for Okta Verify. |
||
iOS devices
|
User task |
Preferred |
Required |
Required with biometrics only |
|---|---|---|---|
|
Enrollment |
Users are prompted to enable Touch ID, Face ID, or passcode confirmation. They can skip this step and proceed with the Okta Verify enrollment. Enrolled users can change the user verification setting from the Okta Verify Account Details page. For example, they can turn Face ID or Passcode Confirmation on or off. |
New users are prompted to enable Touch ID, Face ID, or passcode confirmation. They can’t skip this step. If users don’t have Touch ID, Face ID, or passcode set up on the device, Okta Verify guides them to the Settings app to complete this configuration first. Enrolled users who didn't enable user verification receive remediation messages on the Account Details page in Okta Verify:
Enrolled users can’t turn off Face ID, Touch ID, or passcode confirmation in Okta Verify. |
New users are prompted to enable Touch ID or Face ID confirmation. They can’t skip this step. If users don’t have biometrics set up on the device, Okta Verify guides them to the Settings app to complete this configuration first. Devices without biometric capabilities can’t be enrolled in Okta Verify. Users receive a Device not supported message. Enrolled users who didn't enable user verification receive remediation messages on the Account details page in Okta Verify. For example, Enable Face ID. Enrolled users can’t turn off Face ID or Touch ID in Okta Verify. |
|
Authentication with Okta Verify Push |
Users are prompted for biometrics if they enabled this method during enrollment. |
Users are prompted for biometric confirmation. |
Users are prompted for biometric confirmation. |
|
Authentication with Okta FastPass |
Users are prompted for biometric or passcode confirmation according to the possession factor constraints you configured in the authentication policy. See Add an authentication policy rule.
|
||
|
Remediation |
If user verification settings in Okta Verify don't match your configurations or went out of sync with the device settings, users receive remediation messages during the authentication flow. For example, Enable Face ID or Passcode Confirmation for Okta Verify. |
||
macOS devices
|
User task |
Preferred |
Required |
Required with biometrics only |
|---|---|---|---|
|
Enrollment |
Users are prompted to enable Touch ID or password confirmation. They can skip this step and proceed with the Okta Verify enrollment. Enrolled users can change the user verification setting from the Okta Verify account details page. They can turn Touch ID confirmation or Password confirmation on or off. |
New users are prompted to enable Touch ID or password confirmation. They can’t skip this step. If users don’t have a Touch ID or password set up on the device, Okta Verify guides them to the Settings app to complete this configuration first. Enrolled users who didn't enable user verification receive remediation messages in Okta Verify:
Enrolled users can’t turn off Touch ID or password confirmation in Okta Verify. |
New users are prompted to enable Touch ID confirmation. They can’t skip this step. If users don’t have biometrics set up on the device, Okta Verify guides them to the Settings app to complete this configuration first. Devices without biometric capabilities can’t be enrolled in Okta Verify. Users receive a Device not supported message. Enrolled users who didn't enable user verification receive remediation messages on in Okta Verify. For example, Enable Touch ID confirmation. Enrolled users can’t turn off Touch ID in Okta Verify. |
|
Authentication with Okta FastPass |
Users are prompted for biometric or password confirmation according to the possession factor constraints you configured in the authentication policy. See Add an authentication policy rule.
|
||
|
Remediation |
If user verification settings in Okta Verify don't match your configurations or went out of sync with the device settings, users receive remediation messages during the authentication flow. For example, Enable Touch ID or password confirmation for Okta Verify. |
||
Windows devices
|
User task |
Preferred |
Required / Required with biometrics only |
|
|---|---|---|---|
|
Enrollment |
Users are prompted to enable Windows Hello. They can skip this step and proceed with the Okta Verify enrollment. Enrolled users can change the user verification setting from the Okta Verify account details page. They can turn Windows Hello confirmation on or off. |
Due to Windows requirements, Required and Required with biometrics only triggers the same user experience. These options are equivalent. When new users enable Windows Hello, they enable face, fingerprint, and PIN verification. New users are prompted to enable Windows Hello confirmation. They can’t skip this step. If users don’t have Windows Hello set up on the device, Okta Verify guides them through setting it up. If the device doesn’t support Windows Hello, it can’t be enrolled in Okta Verify. Users receive a Device not supported message. Enrolled users who didn't enable Windows Hello receive remediation messages in Okta Verify. For example, Enable Windows Hello confirmation. Enrolled users can’t turn off Windows Hello. |
|
|
Authentication |
Users are prompted for biometric or PIN confirmation according to the possession factor constraints you configured in the authentication policy. See Add an authentication policy rule.
|
||
|
Remediation |
If user verification settings in Okta Verify don't match your configurations or went out of sync with the device settings, users receive remediation messages during the authentication flow. For example, Enable Windows Hello confirmation or Windows Hello settings out of sync with Okta Verify. |
||