Turn off Device Trust on mobile devices
Identity Engine doesn't support Device Trust on mobile devices. If your organization uses mobile devices, or a combination of desktop and mobile devices, turn off Device Trust for mobile devices before you upgrade.
Before you begin
If you have IWA Agents configured in Classic Engine, take note of the configuration settings. In the Admin Console, go to Security > Delegated Authentication > IWA Agents.
These settings are no longer available in the Admin Console after upgrade.
Using your mobile device management (MDM) tool, take an inventory of all devices that have Device Trust certificates. This helps ensure that the same devices continue to work on Identity Engine after upgrade.
Ensure that users have the latest version of Okta Verify. Okta Verify registers the device in the Universal Directory and detects the presence of management certificates on the device. These certificates attest that a device is managed or trusted.
Start this task
- Determine what type of devices you have. In the Admin Console, go to . If Enable iOS Device Trust or Enable Android Device Trust is selected, you have mobile devices. If you have only mobile devices or a mix of mobile and desktop devices in your org, go to the next step.
- Change the app sign-on policy condition for mobile devices to Any:
- Disable Mobile Device Trust policies:
- Turn off Mobile Device Trust:
  - In the Admin Console, go to .
  - If Enable iOS Device Trust or Enable Android Device Trust is selected, click Edit.
  - Clear the checkbox.
  - Click Save.
- Deploy Okta Verify to mobile devices.
- Remove the Integrated Windows Authentication (IWA) routing rules. See Delete Integrated Windows Authentication routing rules.
If you have only desktop devices in your org, go to Delete Integrated Windows Authentication routing rules.