Device Registration (Okta Devices)

When a user installs Okta Verify on a device and adds an account, the device becomes registered as a unique object in the Okta Universal Directory. This registration binds the user to the Okta Verify app instance on the device, allowing admins to see a list of enrolled devices and change their lifecycle state in the Okta Admin Console.

All registered devices are in one of three lifecycle states:

Suspended This is a temporary state. It is useful to pause (and later resume) device access for users such as contractors or employees who take a leave of absence. Suspended devices can be unsuspended from the Devices page in the Okta Admin Console. When a device is suspended, these are the consequences:
  • All active sessions established on that device using Okta Verify are terminated.
  • Active sessions established without Okta Verify are unaffected until the session ends.
  • New sessions using Okta Verify can't be established.
  • Okta Verify authentication factors can't be used from the device, but users can continue to use password, email, or WebAuthN authentication factors from the device.
  • Users can't add or remove accounts from Okta Verify on the device.
  • Device certificates are unaffected (applies to desktop devices).
  • The device can't be unsuspended by the user trying to enroll in Okta Verify from the device
Deactivated This state can be used if a device is reported as lost or compromised. A device that is deactivated can be reactivated from the Devices page in the Okta Admin Console. However, reactivated devices must be re-enrolled in Okta Verify.
  • All active sessions established on that device using Okta Verify are terminated.
  • Active sessions established without Okta Verify are unaffected until the session ends.
  • New sessions using Okta Verify can't be established.
  • Okta Verify authentication factors (for example, signed nonce authentication, signed nonce with User Verification, temporary one-time password, and Push) can't be used from the device. Still, users can continue to use password, email, or WebAuthN authentication factors from the device.
  • Users can't add or remove accounts from Okta Verify on the device.
  • Enrolled factors on the device are deactivated, and users must re-enroll them when the device is activated.
  • Device certificates are revoked (applies to desktop devices).
  • If all rules in the authentication policy protecting a resource require devices to be registered, a user on a deactivated device is denied access to that resource. If the policy includes rules which allow access from unregistered devices, an end user on a deactivated device might be able to access the resource but not by using Okta Verify.

To see all enrolled devices and manage their lifecycle state, go to Directory > Devices in the Admin Console.

  • On the Devices page, you can filter the devices by:
    • Platform: the device's operating system (for example, Android, Windows)
    • Access status: Any, Created, Active, Suspended, Deactivated
    • Device management: Any, Managed, Not managed
  • The Device info column displays:
    • The device's name. You can click the device name to find device details such as the model, OS version, and enrollment date
    • The device owner's full name (as entered in their Okta user profile).
    • The device owner's Okta username
  • The Platform column displays the device's OS.
  • The Status column displays whether the device is currently active, suspended, or deactivated, as well as whether it is managed or not managed by an EMM.
    • Click pause (The image shows the Suspend button.) to suspend an active device.
    • Click resume (The image shows the Activate button.) to unsuspend a device.
    • Click reactivate (The image shows the Deactivate button.) to deactivate a device.
    • Click delete (The image shows the Delete button.) to delete a deactivated device.

In addition to the company-wide list of devices, you can go directly to a particular user's list of registered devices. In the Okta Admin Console, go to Directory > People.

  1. Search for or click the name of the user whose devices you wish to see.
  2. In the user's profile, click Devices to see further details. You can suspend or deactivate devices from this view.