Add device assurance to an authentication policy
This is an Early Access feature. To enable it, use the Early Access Feature Manager as described in Manage Early Access and Beta features.
You can add platform-specific device assurance policies to enhance authentication policy rules. By adding device checks to authentication policy rules, you can establish minimum requirements for unmanaged devices that have access to systems and applications in your organization. If you configure the policy rule to include multiple conditions, any condition triggers the rule.
Before you begin
Confirm that these conditions are met:
You enabled Okta FastPass for your organization. See Enable Okta FastPass
You created one or more platform-specific sets of device assurance attributes.
You identified at least one authentication policy that should include device assurance.
Start this task
In the Admin Console, go to Security > Authentication Policies to add device assurance to an authentication policy rule.
Select a policy and click Add Rule to add a new rule for device assurance.
To add device assurance to an existing policy rule, select the policy rule you want to modify, and then click Edit.
For AND Device state is, select Registered.
- For AND Device assurance policy is, select Any of the following Device Assurance conditions, and then enter the name of a device assurance you have previously created.
- You can add multiple platform-specific device assurance policies.
- If you add multiple sets of device assurance attributes to the same rule, they’re OR conditions.
- If the rule has other conditions, all of the conditions defined for the rule must be met for the rule to be applied.