Add device assurance to an app sign-in policy

You can add platform-specific device assurance policies to enhance app sign-in policy rules. By adding device checks to app sign-in policy rules, you can establish minimum requirements for unmanaged devices that have access to systems and applications in your organization. If you configure the policy rule to include multiple conditions, any condition triggers the rule.

Add a DENY action to the catch-all rule to ensure that Okta collects device signals. See Configure an app sign-in policy for passwordless authentication with Okta FastPass.

Before you begin

Confirm that these conditions are met:

You enabled Okta FastPass for your organization. See Enable Okta FastPass.
You created one or more platform-specific sets of device assurance attributes.
You identified at least one app sign-in policy that should include device assurance.

Start this task

In the Admin Console, go to SecurityAuthentication Policies.
Click App sign-in.
Select a policy and click Add Rule to add a new rule for device assurance. To add device assurance to an existing policy rule, select the policy rule you want to modify, and then click Edit.
For AND Device state is, select Registered.
For AND Device assurance policy is, select Any of the following Device Assurance conditions, and then enter the name of a device assurance you have previously created.
- You can add multiple platform-specific device assurance policies.
- If you add multiple sets of device assurance attributes to the same rule, they're OR conditions.
- If the rule has other conditions, all of the conditions defined for the rule must be met for the rule to be applied.
Specify any additional conditions and what should be done if the conditions are met.
Click Create Rule or Save to save your changes.

Add device assurance to an app sign-in policy

Before you begin

Start this task

Related topics