Device registration

Device registration binds a device to the Okta Verify app instance on the device. Each registered device is a unique object in the Okta Universal Directory and is listed on the Devices page in the Admin Console.

Device registration happens when users set up an account in Okta Verify. You can't add devices from the Admin Console.

Registration flow

  1. Users create an account in Okta Verify.
  2. A unique key is created and stored on the device. The key is stored in a hardware-backed keystore (for example, the Trusted Platform Module, or Secure Enclave) or a software-backed keystore.
  3. Okta creates a device record in the Universal Directory. The device is now bound to the Okta Verify app instance. To see the device record in the Admin Console, go to Directory Devices.
  4. When users access an Okta-protected app from the device, Okta probes the device of the following attributes:
    • Okta Verify is installed on the device
    • The device is registered (an Okta Verify account exists)
    • The device is managed (the device is managed by a device management solution, configured for device management in Security Device Integrations, and the user successfully authenticated with Okta FastPass on that device).
    • Secure hardware is present (TPM, Secure Enclave)
    • Proof of possession key is hardware-protected

Related topics