Device registration binds a device to the Okta Verify app instance on the device. Each registered device is a unique object in the Okta Universal Directory and is visible on the Devices page.
Device registration happens automatically when users set up an account in Okta Verify. Admins can't create devices from the Admin Console.
When end users add an account in Okta Verify, the device is automatically registered in the Okta Universal Directory. For Okta Verify account setup details, see the Okta end-user documentation.
- Users create an account in Okta Verify.
- A unique key is created and stored on the device. The key is stored in a hardware-backed keystore (for example, the Trusted Platform Module, or Secure Enclave) or in a software-backed keystore.
- Okta creates a device record in the Universal Directory. The device is bound to the Okta Verify app instance. The device is registered in Okta and appears on the Devices page in the Admin Console ( ).
- When users access an Okta-protected app from the device, Okta probes the device:
- Checks if Okta Verify is installed on the device
- Checks if the device is registered (an Okta Verify account exists)
- Checks if the device is managed (the device is managed by a device management solution, the device is configured for device management in Security Device Integrations, and the user successfully authenticated with Okta FastPass on that device).
- Checks if secure hardware is present (TPM, Secure Enclave)
- Checks if the proof of possession key is hardware-protected
- Deploy Okta Verify to Android devices
- Deploy Okta Verify to iOS devices
- Deploy Okta Verify to macOS devices
- Auto-launch Okta Verify on macOS devices
- Deploy Okta Verify to Windows devices
- Let users skip the Open Okta Verify prompt
- Configure an SSO extension for managed macOS devices
- Configure an SSO extension on iOS devices