Okta FastPass allows users to sign in to Okta without using a password. It provides passwordless authentication to any SAML, OIDC, or WS-Fed app in Okta. Use it on Windows, iOS, Android, and macOS devices, from any location or network, to reduce the probability of data breaches that can occur from compromised credentials.
How does it work?
Devices register with universal directory through Okta Verify. After the one-time registration (regardless of where the user is located), the user has passwordless access to all resources in Okta. This includes the Okta End-User Dashboard, native mobile apps, SP-initiated browser access, and desktop thin clients that support modern authentication. It works on any device: managed or not managed, AD-joined or not AD-joined. It does not require devices to be on an office network. Older desktop single sign-on (SSO) features in Okta require Active Directory (AD), but Okta FastPass has no requirements for AD, other user-directories, or specific end-point management tools.
Once a device is registered, the user is not prompted for a user name or password when they try to log into their Okta apps. The passwordless experience is controlled by the Global Session Policy and authentication policy configured by the admin.
What are the benefits?
- Okta FastPass provides passwordless authentication from any device or location to any Okta-managed app.
- You can use Okta FastPass with any device management tool. There is no dependency on AD or a specific enterprise mobility management (EMM)/mobile device management (MDM) software.
- You can combine Okta FastPass with device-level biometrics to avoid additional prompts when accessing Okta-managed apps.
- Okta FastPass works with IdP flows (for example, Agentless DSSO).
- If desired, you can combine Device Trust with Okta FastPass, so passwordless login is only available on managed, compliant devices.
What will end users experience?
If users sign in to the dashboard with Okta FastPass and refresh the page in the browser after signing out, Okta FastPass confirms their identity, and the users gain access to the dashboard. When users refresh the page, Okta verifies their identity as if they typed their organization’s sign-in URL in the browser.
On macOS or Windows desktops set up for authentication with Okta FastPass, if users access the Okta End-User Dashboard from a private browser window (Incognito mode), they gain access to the page as if they were in a regular browser session. Okta Verify runs on the desktop, verifies the identity of the users, and grants them access to the dashboard. The authentication is not affected by the browser mode (regular or private).