Expression Language attributes for devices
When you use the Okta Expression Language (EL) to create a custom expression for devices, you reference attributes that exist in the Okta Device Profile.
The following table lists the device profile attributes:
Some attributes; such as, device.profile.imei, device.profile.meid, device.profile.serialNumber, device.profile.udid, are not available for all devices.
|
Attribute |
Description |
Type |
Example |
|---|---|---|---|
|
|
Obtains the value of the device profile's display name attribute. Note that 4-byte UTF-8 characters are not currently supported. |
String |
"DESKTOP-BE6IL05", "XYZ S21" |
|
|
Obtains the value of the device profile's International Mobile Equipment Identity (IMEI) attribute. |
String |
"410154203237518" |
|
|
Obtains the value of the device profile's managed attribute. This can only be used when Device Trust is enabled or if the DEVICE_CONDITION_IDX_ADVANCED feature is enabled. |
Boolean |
true or false |
|
|
Obtains the value of the device profile's manufacturer attribute. |
String |
"VMware, Inc.", "samsung" |
|
|
Obtains the value of the device profile's Mobile Equipment Identifier (MEID) attribute. |
String |
"99001092003340" |
|
|
Obtains the value of the device profile's model attribute. |
String |
"VMware7,1", "SM-G991U1" |
|
|
Obtains the value of the device profile's registered attribute. |
Boolean |
true |
|
|
Obtains the value of the device profile's secure hardware present attribute. It checks for chip presence: trusted platform module (TPM) or secure enclave. It does not check whether there are tokens on the secure hardware. |
Boolean |
true or false |
|
|
Obtains the value of the device profile's serial number attribute. |
String |
"VMware-56 5d e2 35 bd d8 66 75-5a bc 10 06 4c 6a fb 85" |
|
|
Obtain the value of the device profile's security identifier (SID) attribute. This is only available with Windows devices. |
String |
"S-1-5-21-1016203815-1917570059-4244971090-500", |
|
|
Obtains the value of the device profile's Trusted Platform Module (TPM) public key hash attribute. |
String |
"18e3b568aeb17b4e75f3838d6b01ffe63c52d976950943a10968761b5bfe3f4d" |
|
|
Obtains the value of the device profile's operating system. |
String |
"IOS", "ANDROID", "WINDOWS", "MACOS", "MOBILE_OTHER", or "DESKTOP_OTHER" |
|
|
Obtains the value of the device profile's unique device ID (UDID) attribute. This is only available with certain managed scenarios. |
String |
"35E24D56-D8BD-7566-1ABC-10064C6AFB85" |
Operators
Use operators in your custom expression to handle decisions. Any Okta Expression Language operator can be used in a custom expression. The following table lists commonly used operators:
| Operator | Description |
|---|---|
&&
|
Signifies an AND function. |
||
|
Signifies an OR function. |
!
|
Signifies a NOT function. |
<, >, <=, and >= |
Signifies relational operators. |
==
|
Checks for equality. |
!=
|
Checks for inequality. |
See Okta Expression Language for a complete list of Okta Expression Language functions.
Important considerations
- Always include
device.profile.registered == trueif you want to include device conditions in your custom expression. - In general, device attributes can only be used if the signed nonce authentication method is enabled.