View device details

User and device details are collected when the user authenticates with Okta FastPass. There are two ways to find device details in the Admin Console:

  • Go to DirectoryDevices, and then click a device name.
  • Go to DirectoryPeople, select a user's name and click Devices, and then click a device name.

Some device details are platform-specific. For most devices, you can view the following information:

Device users

A user profile represents an identity that uses an enrolled device to sign in to your org. A user can have more than one profile on a device. For example, a single user can have a business profile to access restricted company apps, and a personal profile to access personal files. A single device can also have more than one user who signs in using the same device. The device details page displays a maximum of 20 users associated with the device, even though there may be more than 20 users assigned to the device.

Details by device user Description Example
User A user's name and email address. Cristina Young c.young@example.com
Enrollment date Date that the device was enrolled in Okta Verify.
Management status Managed:
  • The device is registered (enrolled in Okta Verify).

  • A user profile associated with the device is managed by a device management solution.

  • The device is configured for device management in SecurityDevice Integrations. Ensure that this is completed before the user authenticates with Okta FastPass.

  • The user authenticated with Okta FastPass from the managed device.

Not managed:

  • The device is registered (enrolled in Okta Verify).

  • A user profile associated with the device isn't managed by a device management solution, or the device isn't configured for device management in SecurityDevice Integrations.

Lock screen Indicates whether the screen lock is Disabled, Password, or Password with Windows Hello.

Device security signals

Device security signal Description Example
OS version The OS version installed on the device. 13.5.1
Disk encryption Indicates whether the device is encrypted with BitLocker. The device is marked as encrypted only if BitLocker is active and enabled on the system volume. Fully encrypted
Secure Enclave Indicates whether the iOS and macOS device supports Secure Enclave. Supported
Jailbreak Indicates whether the iOS device is jailbroken. Not jailbroken
Hardware Keystore Indicates whether the Android device supports a hardware keystore. Supported
Rooting Indicates whether the Android device is rooted. Not rooted
Trusted Platform Module Indicates whether the Windows Trusted Platform Module is in use. Not in use

Device identifier

Device identifier Description Example
Display name The display name of the device. Maya's iPhone
Platform The operating system of the device. iOS device
Manufacturer The vendor that created the physical device. APPLE
Model The device type or design. iPhone
OS Version The operating system software version of the device. Version 11.4 (Build 20F71)
IMEI International Mobile Equipment Identity (IMEI) is a unique number for identifying a mobile device on a Global System for Mobile communication (GSM) network. Okta Verify doesn't collect this information but other custom application can collect it.
MEID Mobile Equipment Identifier (MEID) is a unique number for identifying a mobile device on a network that uses Code-Division Multiple Access (CDMA) protocols for second-generation and third-generation wireless communication.

This information isn't collected by Okta Verify, but a custom application can collect it.

UDID The unique device ID (UDID). The UDID is a unique number for identifying Apple devices on an iOS, macOS, tvOS, or watchOS platform. For example: B0G9B65E-89F1-464H-7D2D-E1DH04EEB165
Security identifier The security identifier (SID). The SID is a unique number of a user, user group, or other security principal. For example: S-1-83625951649466-0
Dedicated hardware Indicates if dedicated hardware exists for a Trusted Platform Module (TPM).

The unique identifier (hash) isn't shown for devices with a Trusted Platform Module (TPM). Instead, the placeholder Present - No hash available appears.

Related topics

Device lifecycle

Device registration

Expression Language attributes for devices