Prerequisites for configuring Device Context

Okta devices

To manage devices, configure Okta Verify as an authenticator, and create an enrollment policy to prompt users to enroll a device in Okta Verify.

Add Okta Verify as an authenticator

  1. In the Admin Console, go to Security > Authenticators.
  2. Under Setup, click Add Authenticator.
  3. Configure the Okta Verify options and click Add. See Configure Okta Verify options.

Create an enrollment policy

  1. In the Admin Console, go to Security > Authenticators
  2. Under Enrollment, add a multifactor policy or edit an existing one.
    • Click Add Multifactor Policy.
    • Select the policy you want to edit, and click Edit.

      Note: The users whose devices you register into Okta Devices must be members of a group that the MFA policy is assigned to. These groups will be listed in the policy's Assigned to groups field.

  3. In the Eligible Authenticators section, select one of the following Okta Verify options:
    • Optional: New and existing users can choose to enroll in Okta Verify as an authenticator. Okta Verify enrollment is not mandatory.
    • Required: New and existing users must enroll a device in Okta Verify to access Okta-protected resources.

Device Trust

Devices are considered managed if these requirements are met:

  • Devices must have Okta Verify installed.
  • Mobile device management (MDM) requires integration with a third-party Enterprise Mobile Management (EMM) solution such as Microsoft Intune or Workspace ONE.
  • Desktop device management requires a certificate authority (CA) that can issue client certificates to devices intended to be managed. You can use your own certificate authority or Okta as a CA.
  • iOS devices must have iOS 13 or 14 installed.
  • The following operating systems are supported:
    • Android 7.0 or later
    • iOS 13, iOS 14
    • macOS 10.15.x (Catalina) and 11 (Big Sur)
    • Windows 10, 32-bit and 64-bit
  • macOS systems must have Apple Extensible SSO configured in your EMM solution if you want to create policies that provide a password experience (Okta FastPass).
    See Configure Extensible SSO for Safari and native apps on managed macOS devices.
  • iOS devices must have the Credential SSO Extension configured in your EMM solution if you want to create policies that provide a password experience (Okta FastPass). See Configure Credential SSO Extension for managed iOS devices.

Next steps

Review and implement use cases