Add device assurance to an authentication policy

You can add platform-specific device assurance policies to enhance authentication policy rules. By adding device checks to authentication policy rules, you can establish minimum requirements for unmanaged devices that have access to systems and applications in your organization. If you configure the policy rule to include multiple conditions, any condition triggers the rule.

Add a DENY action to the catch-all rule to ensure that Okta collects device signals. See Configure an authentication policy for passwordless authentication with Okta FastPass.

Before you begin

Confirm that these conditions are met:

You enabled Okta FastPass for your organization. See Enable Okta FastPass.
You created one or more platform-specific sets of device assurance attributes.
You identified at least one authentication policy that should include device assurance.

Start this task

In the Admin Console, go to SecurityAuthentication Policies.
Select a policy and click Add Rule to add a new rule for device assurance.

To add device assurance to an existing policy rule, select the policy rule you want to modify, and then click Edit.
For AND Device state is, select Registered.
For AND Device assurance policy is, select Any of the following Device Assurance conditions, and then enter the name of a device assurance you have previously created.

You can add multiple platform-specific device assurance policies.
If you add multiple sets of device assurance attributes to the same rule, they’re OR conditions.
If the rule has other conditions, all of the conditions defined for the rule must be met for the rule to be applied.

Specify any additional conditions and what should be done if the conditions are met.
Click Create Rule or Save to save your changes.

Add device assurance to an authentication policy

Before you begin

Start this task

Related topics