Device Trust on Identity Engine

Device Trust (Identity Engine) is currently available only to customers who had Device Trust (Classic Engine) and upgraded to Identity Engine.

Device Trust lets enterprises require that a device is managed by an endpoint management tool before end users can access apps from it. It uses mutual Transport Layer Security (mTLS) to attest that a device is trusted and managed.
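The mTLS gate described above, as an added illustration that is not Okta's code and does not reproduce Okta's implementation: a generic Go program stands up a service that requires a client certificate chained to an endpoint-management (MDM) CA, then connects once as a managed device holding such a certificate and once as an unmanaged device with none. The CA names, the device identity `device-serial-C02ABCDEF`, the host name `idp.example.test` and the function names are constructed for this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
	"math/big"
	"time"
)

// makeCert issues a short-lived P-256 certificate for cn (fixture setup, so it panics on
// error). With parent == nil it is a self-signed CA; otherwise a leaf signed by parent.
func makeCert(cn string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 62))
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
	}
	if parent == nil { // self-signed CA
		tmpl.IsCA = true
		tmpl.KeyUsage |= x509.KeyUsageCertSign
		parent, parentKey = tmpl, key
	} else { // leaf: the CN doubles as the SAN so the same helper can also name a TLS server
		tmpl.DNSNames = []string{cn}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // DER produced by CreateCertificate always parses
	return cert, key
}

// DeviceTrustCheck models the gate: the service completes a handshake only with a client whose
// certificate chains to the MDM CA. It returns the identity seen on the managed connection and
// the error the unmanaged connection received (constructed names throughout).
func DeviceTrustCheck() (managedDevice string, unmanagedErr error, err error) {
	mdmCA, mdmKey := makeCert("Example MDM Device CA", nil, nil)           // constructed CA name
	devCert, devKey := makeCert("device-serial-C02ABCDEF", mdmCA, mdmKey) // constructed device id
	svcCA, svcCAKey := makeCert("Example Service Root CA", nil, nil)       // constructed CA name
	svcCert, svcKey := makeCert("idp.example.test", svcCA, svcCAKey)      // constructed host name

	// Service side: demand a client certificate and trust only the MDM CA to have issued it.
	clientCAs := x509.NewCertPool()
	clientCAs.AddCert(mdmCA)
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{
		Certificates: []tls.Certificate{{Certificate: [][]byte{svcCert.Raw}, PrivateKey: svcKey}},
		ClientAuth:   tls.RequireAndVerifyClientCert,
		ClientCAs:    clientCAs,
	})
	if err != nil {
		return "", nil, err
	}
	defer ln.Close()
	go func() {
		for i := 0; i < 2; i++ {
			c, err := ln.Accept()
			if err != nil {
				return
			}
			// Handshake succeeds only when the client cert verified against clientCAs;
			// the service then echoes the attested device identity back to the client.
			if tc := c.(*tls.Conn); tc.Handshake() == nil {
				fmt.Fprint(tc, tc.ConnectionState().PeerCertificates[0].Subject.CommonName)
			}
			c.Close()
		}
	}()

	// Device side: connect with (managed) or without (unmanaged) the MDM-issued certificate.
	roots := x509.NewCertPool()
	roots.AddCert(svcCA)
	connect := func(certs []tls.Certificate) (string, error) {
		cfg := &tls.Config{RootCAs: roots, ServerName: "idp.example.test", Certificates: certs}
		c, err := tls.Dial("tcp", ln.Addr().String(), cfg)
		if err != nil {
			return "", err
		}
		defer c.Close()
		body, err := io.ReadAll(c) // under TLS 1.3 a rejected client cert surfaces here, not in Dial
		return string(body), err
	}
	managedDevice, err = connect([]tls.Certificate{{Certificate: [][]byte{devCert.Raw}, PrivateKey: devKey}})
	if err != nil {
		return "", nil, err
	}
	_, unmanagedErr = connect(nil)
	return managedDevice, unmanagedErr, nil
}
```

The service never inspects a device-supplied claim of being managed; the only evidence it accepts is a certificate that the MDM CA issued, which an unmanaged device does not hold. Note the TLS 1.3 detail in `connect`: the client's handshake finishes before the server has judged the client certificate, so a rejection shows up on the first read rather than on `tls.Dial`, and any client-side logic that treats a successful dial as proof of admission is wrong.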

For mobile devices (Android, iOS), an endpoint management profile is installed on the device (for example, VMware Workspace ONE UEM, Microsoft Intune, MobileIron). For desktop devices (Windows, macOS), the device is managed by an agent-based endpoint management tool or through a mobile device management profile (for example, Jamf Pro, Microsoft Intune, System Center, BigFix, VMware Workspace ONE UEM). Your organization's requirements will differ depending on the endpoint management tools you use. For example, you might require that:

  • Any macOS devices accessing Okta-managed apps must be managed by Jamf Pro
  • Any iOS or Android devices accessing Okta-managed apps must be managed by VMware Workspace ONE UEM
  • Any Windows devices accessing Okta-managed apps must be joined to your on-prem Active Directory and managed by Microsoft Endpoint Manager (MEM)
  • Any hybrid Azure Active Directory (AAD) or AAD-joined Windows devices accessing Okta-managed apps must be managed by MEM

See the Device Trust (Classic Engine) documentation.