Test the upgrade in Identity Engine

Perform these tests after completing the Self-service upgrade process. Most upgrades take only a few minutes to complete, so there's no downtime for admins and end users. Your org configurations are seamlessly migrated to Identity Engine.

Before you begin

Record your Classic Engine experience

Test your policies

  1. Sign in to your Okta org with a test user account.

  2. Verify that the global session policy correctly evaluates the test user. Your Classic Engine policies migrate with two new default settings. See Okta sign-on policies.

  3. Enroll in an MFA authenticator with a test user account.

  4. Verify that the authenticator enrollment policy correctly evaluates the test user. Your Classic Engine policies don't change during migration, but some authenticator behavior does. See MFA enrollment policy.

  5. Sign in to your apps with a test user account.

  6. Verify that the authentication policies correctly evaluate the test user. Your Classic Engine app sign-on policies migrate with a few conditions. See App sign-on policy migration.

  7. Attempt to recover your password with a test user account.

  8. Verify that self-service password recovery works for the test user. See Password reset and account recovery.

Test your devices

In Identity Engine, you must use Okta Verify to secure your mobile and desktop devices. If you actively used Device Trust in Classic Engine, after the upgrade you just need to test your authentication policies.

If you didn't use Device Trust in Classic Engine, follow these steps after you upgrade:

  1. Set up Device Trust for mobile and desktop in Identity Engine.

  2. Test authentication policies.

See Turn off Device Trust on mobile devices and Migrate from Device Trust to Okta FastPass FAQ.

Test Self-Service Registration

When you upgrade to Identity Engine, the Self-Service Registration feature is replaced with the profile enrollment policy. This functionality lets end users self-register with either the Sign-In Widget (hosted by Okta) or with an embedded solution using an array of SDKs. The profile enrollment policy also lets you incrementally collect profile data as new users engage with other applications. See Self-service registration.

  1. Test the profile enrollment policy.

  2. Refer to your runbook for customizations and styling.

Test Okta SDKs and third-party tools

If you use Okta SDKs or third-party tools, ensure that they work in Identity Engine after you upgrade. Refer to Okta Developer Documentation for Okta deployment models and SDKs and sample apps.

Test the user experience

After you upgrade to Identity Engine, sign in as that test user and note the sign-in flow and password recovery behavior. Let your users know about the changes they'll experience in the sign-in, sign-up, and recovery flows.

  • They may be prompted for their username first, instead of a username and password. See Sign-In Widget.

  • During sign-up flows, they may be prompted for optional security methods, depending on your profile enrollment policies.

  • The password recovery link is only presented on the page for password entry. Users can't reset their password from the username prompt.

  • Their email messages may contain links (including the URL for the email magic link). See Email templates.

Related topics

Validate your upgrade

Post-upgrade behavior