Configure Okta FastPass

Configure Okta FastPass for devices that are managed and not managed, to provide end users with a passwordless sign-in experience to Okta-managed resources.

Users of registered devices are not prompted for a user name or password when they try to log into their Okta apps. The passwordless experience is controlled by the policies configured by the admin.


  1. Configure an Global Session Policy for Okta FastPass.
  2. See Configure a global session policy for Okta FastPass.

  3. Enable Okta FastPass.
  4. See Enable Okta FastPass.

  5. Configure an authentication policy for Okta FastPass.
  6. See Configure an authentication policy for passwordless authentication with Okta FastPass.

  7. Make sure end users have the latest version of Okta Verify installed on their devices, and that they enroll (add an account) in Okta Verify:
    • For devices that are managed, you can deploy Okta Verify to them.
    • See Deploy Okta Verify to macOS devices, and Deploy Okta Verify to Windows devices for information about deploying the latest version of Okta Verify to desktop devices and how to use the EnrollmentOptions Flag.

    • For devices that are not managed, notify end users that they need to install Okta Verify.

    See Okta Verify for Windows, Okta Verify for macOS, Okta Verify for iOS, and Okta Verify for Android for end-user documentation.

  8. Optional. Configure settings that affect the end user experience (for example, auto-launch Okta Verify on macOS devices, provide users with a seamless single sign-on experience, or prevent the Okta Verify prompt).
  9. See Device registration.

Related topics

Multifactor authentication

Sign-on policies and rules

Okta Expression Language for devices