Okta FastPass

Okta FastPass provides passwordless authentication to any SAML, OIDC, or WS-Fed app in Okta. The solution is supported on Android, iOS, macOS and Windows devices, from any location or network. Okta FastPass reduces the probability of data breaches that can occur from compromised credentials.


Devices register with Universal Directory through Okta Verify. After the one-time registration (regardless of where the user is located), the user has passwordless access to all resources in Okta. This includes the Okta End-User Dashboard, native mobile apps, SP-initiated browser access, and desktop thin clients that support modern authentication. It works on any device: managed or not managed, AD-Joined, or not AD-Joined. It doesn't require devices to be on an office network. Older desktop single sign-on (SSO) features in Okta require Active Directory (AD), but Okta FastPass has no requirements for AD, other user-directories, or specific end-point management tools.

Once a device is registered, the user isn't prompted for a username or password when they try to log into their Okta apps. The passwordless experience is controlled by the Global Session Policy and authentication policy configured by the admin.


  • Okta FastPass provides passwordless authentication from any device or location to any Okta-managed app.
  • You can use Okta FastPass with any device management tool. There's no dependency on AD or a specific enterprise mobility management (EMM)/mobile device management (MDM) software.
  • You can combine Okta FastPass with device-level biometrics to avoid extra prompts when accessing Okta-managed apps.
  • Okta FastPass works with IdP flows (for example, Agentless DSSO).
  • If desired, you can combine Device Trust with Okta FastPass, so passwordless login is only available on managed, compliant devices.

User experience

Okta FastPass authentication instructions for end users are available for all supported platforms:

Android devices

iOS devices

macOS devices

Windows devices