ChromeOS support

This is an Early Access feature. To enable it, use the Early Access Feature Manager as described in Manage Early Access and Beta features.

If you use Okta Identity Engine, you can now select ChromeOS as a device platform in authentication policy rules. Previously, you could only select Any or Desktop_Other to match ChromeOS as a device platform in a rule.

If ChromeOS support is enabled, you can select ChromeOS in a rule.

If you want to explicitly select ChromeOS as a device platform in authentication policy rules:

  1. In the Admin Console, go to SettingsFeatures.
  2. Scroll to ChromeOS as a device platform.
  3. Click the toggle icon to enable the feature.

Selecting a device platform in authentication policy rules is primarily useful for auditing and filtering events. You should not use the device platform as the basis for defining the security posture associated with an authentication policy.

Automatic migration

If you have any rules configured with Desktop_Other as a device platform, those rules will be automatically updated to include both ChromeOS and Desktop_Other as the device platforms to match. For example, after a rule is automatically updated, the rule description displays the Platform field with both Desktop Other and ChromeOS listed:

If you don’t want the rule to apply to ChromeOS, you should manually remove ChromeOS from the rule.

If you disable support for ChromeOS, the automatically migrated rules that match Desktop_Other and ChromeOS are reset to match only the Desktop_Other device platform. For example, affter a rule is reset, the rule description displays the Platform field with only Desktop Other listed:

Removal of ChromeOS as a device platform

If you create any new rules explicitly for ChromeOS, they cannot be automatically reset to something else if you want to disable the ChromeOS feature. Any rules you create with the feature enabled must be modified before the feature can be disabled.

To manually update the rule configuration to remove ChromeOS as a device platform, you can make any of the following changes:

  • Remove ChromeOS as a device platform from the rule.

  • Replace ChromeOS with another device platform in the rule.

  • Deactivate, then delete the rule that checks for ChromeOS.

After you remove ChromeOS from all the rules where you have added it, you can go to SettingsFeature. scroll to ChromeOS as a device platform, and click the toggle icon to disable the feature.

Limitations in this release

This phase of support for ChromeOS has the following known limitations:

  • If you use Firefox or Opera as your browser on a ChromeBook device, the authentication rule will not recognize the device platform as ChromeOS.

  • Because Okta Verify is not available for ChromeOS yet, some features—such as FastPass—are not supported for ChromeOS. Because FastPass is not supported, the Access with Okta FastPass is granted has no effect in rules that check for ChromeOS.

  • You can’t select ChromeOS as a device platform when configuring the routing rules for identity providers.

  • Signing in from a ChromeOS device doesn’t create a device record for users.

  • You can’t use ChromeOS in custom expressions.

Known issue in this release

If you attempt to disable ChromeOS as a device platform feature without removing ChromeOS from authentication policy rules, the Admin Console displays misleading Success and Error messages. This is a known issue in the user interface and can be safely ignored. However, before disabling the feature, be sure you have properly removed ChromeOS from all authentication rules.