Migrate Workspace ONE SAML-based mobile device trust

Early Access release. See Enable self-service features.

Customers on Classic Engine using Workspace ONE SAML-based mobile device trust can now upgrade to Identity Engine and use Workspace ONE to evaluate device posture.

Change summary

In Identity Engine, app sign-on policies are now called authentication policies, and they're shareable across apps. The legacy Workspace ONE SAML-based mobile device trust configuration can be viewed in Security > Device integrations > Endpoint security. Your org continues to use Workspace ONE SAML-based mobile device trust to secure your mobile devices.

Admin experience

During the upgrade, only Android and iOS mobile devices managed through Workspace ONE SAML-based mobile device trust are transferred to Identity Engine. These mobile devices continue to be managed. However, they don't show up in the Okta Universal Directory as managed devices.

View all Authentication Policies in one location. You can create a policy yourself, instead of only adding rules to an app's default policy, and you can also share one policy among many apps. This allows you to create and maintain policies at scale and evaluate how each policy impacts app access.

Authentication Policies are still viewable on an app's Sign On tab in Applications > Applications. However, you can no longer modify the policy from this location.

The classic Workspace ONE SAML-based mobile device trust configuration can be found at Security > Device integrations > Endpoint security. This configuration can't be modified; it can only be deleted.

Any existing app sign-on policy device trust conditions are turned into Device: Registered, Managed conditions in Identity Engine. To configure authentication policies, go to Security > Authentication Policies.

User experience

Changes to the user experience depend on how you configure new conditions in the policy. Users continue to access SAML and WS-Fed apps protected by a trusted device condition from the service provider and identity provider.

Users accessing SAML and WS-Fed applications from the Okta Dashboard are redirected to Workspace ONE to evaluate the device management status.

Related topics

Replace Workspace ONE SAML-based mobile device trust with Okta FastPass

Migrate from Device Trust to Okta FastPass FAQ

Device Trust for mobile devices