Remediation messages for device assurance
If users are denied access due to noncompliance with a device assurance policy, they receive remediation instructions if you enable the Display device error remediation in the browser when access is denied option on the Device Assurance Policies page in the Admin Console. See Add user help for device assurance.
The tables show the messages that are triggered for various unsatisfied device conditions.
Users on Android devices
| Device assurance condition not satisfied | Message in the Sign-In Widget |
|---|---|
| Minimum Android version | Update to Android {version}. |
| Lock screen must be enabled | Enable lock screen. |
| Biometrics must be enabled | Enable lock screen and biometrics. |
| Disk encryption | Encrypt your device. |
| Hardware keystore | Your device doesn’t meet the security requirements. For more information, follow the instructions on the help page or contact your administrator for help. |
| Rooting | Your device doesn’t meet the security requirements. For more information, follow the instructions on the help page or contact your administrator for help. |
Users on ChromeOS devices
If both Okta Verify and Chrome Device Trust are selected as providers, the signal from Okta is given priority.
| Device assurance condition not satisfied | Message in the Sign-In Widget |
|---|---|
| Minimum ChromeOS version | Update to ChromeOS {version}. |
| Chrome browser version | Update Chrome browser to {version}. |
| Key trust level | Switch your device to verified or developer mode. |
Users on iOS devices
| Device assurance condition not satisfied | Message in the Sign-In Widget |
|---|---|
| Minimum iOS version | Update to iOS {version}. |
| Lock screen. Passcode must be set | Set a passcode for the lock screen. |
| Touch ID or Face ID must be enabled | Set a passcode for the lock screen and enable Touch ID or Face ID. |
| Jailbreak | Your device doesn’t meet the security requirements. For more information, follow the instructions on the help page or contact your administrator for help. |
Users on macOS devices
If both Okta Verify and Chrome Device Trust are selected as providers, the signal from Okta is given priority.
| Device assurance condition not satisfied | Message in the Sign-In Widget |
|---|---|
| Minimum macOS version | Update to macOS {version}. |
| Lock screen must be enabled | Set a passcode for the lock screen. |
| Firewall | Turn on your device's firewall. |
| Screen lock password | Turn on automatic screen saver and screen locking when idle. |
| Disk encryption | Turn on FileVault. |
| Disk encryption enabled | Turn on disk encryption. |
| Secure Enclave | Your device doesn’t meet the security requirements. For more information, follow the instructions on the help page or contact your administrator for help. |
| Chrome browser version | Update to Chrome browser {version}. |
Users on Windows devices
If both Okta Verify and Chrome Device Trust are selected as providers, the signal from Okta is given priority.
| Device assurance condition not satisfied | Message in the Sign-In Widget |
|---|---|
| Minimum Windows version | Update to Windows {version}. |
| Windows Hello must be enabled | Enable Windows Hello for the lock screen. |
| Firewall | Turn on your device's firewall. |
| Disk encryption | Encrypt all internal disks with BitLocker. |
| Disk encryption enabled | Turn on disk encryption. |
| Trusted Platform Module | Your device doesn’t meet the security requirements. For more information, follow the instructions on the help page or contact your administrator for help. |
| Lock screen secured | Turn on automatic screen saver and screen locking when idle. |
| Chrome browser version | Update to Chrome browser {version}. |