Configure a global session policy for Okta FastPass
You can create a global session policy that supports Okta FastPass, or edit an existing policy.
This configuration removes the global password requirement from the global session policy and transfers responsibility for defining and enforcing authentication criteria to each of your authentication policies. Before you complete this configuration, create strong authentication policies for all of your apps so that users can't access them with a single enrolled factor.
Create a global session policy for Okta FastPass
-
Add a rule to your new policy.
-
In the Rule Name field, enter a name for the rule. For example, Okta FastPass rule for managed devices.
-
Optional. In the Exclude Users field, enter the names of users (that exist within the group) to exclude from the rule.
- Specify the conditions for the rule. At step 6, configure the following conditions:
- Establish the user session with: Select Any factor used to meet the Authentication Policy requirements. This allows Okta FastPass users to have passwordless authentication.
- ANDMultifactor authentication (MFA) is: Select the Not required option. This allows Okta FastPass users to sign in without using biometrics.
- When you've finished configuring the rule conditions, click Create rule.
Edit an existing global session policy for Okta FastPass
Complete this procedure if you want to configure an existing global session policy for Okta FastPass.
- Follow the steps for Add a global session policy rule. At step 6, configure the following conditions:
- Establish the user session with: Select Any factor used to meet the Authentication Policy requirements. This allows Okta FastPass users to have passwordless authentication.
- AND Multifactor authentication (MFA) is: Select the Not required option. This allows Okta FastPass users to sign in without using biometrics.
- If required, change the rule priority.