Okta Verify user verification settings

Early Access release

By configuring Okta Verify user verification options, you define how users can enroll in Okta Verify or Okta FastPass.

Android devices

User task

Preferred

Required

Required with biometrics only

Enrollment

Users are prompted to enable screen lock or biometric confirmation. They can skip this step and proceed with the Okta Verify enrollment.

Enrolled users can change the user verification setting from the Okta Verify Account details page. In the Security section, they can turn Screen lock confirmation on or off. On Android 10, this option is called Biometric confirmation.

New users are prompted to enable screen lock or biometric confirmation. They can’t skip this step. If users don’t have screen lock or biometrics set up on the device, Okta Verify guides them to the Settings app to complete this configuration first.

Enrolled users who didn't enable user verification receive remediation messages on the Account details page in Okta Verify:

  • Enable screen lock confirmation

  • Enable biometric confirmation

  • Screen lock settings out of sync with Okta Verify

Enrolled users can’t turn off screen lock or biometrics confirmation in Okta Verify.

New users are prompted to enable biometric confirmation. They can’t skip this step. If users don’t have biometrics set up on the device, Okta Verify guides them to the Settings app to complete this configuration first. Devices without biometric capabilities can’t be enrolled in Okta Verify. Users receive a Device not supported message.

Enrolled users who didn't enable biometrics receive a remediation message on the Account details page in Okta Verify. For example, Enable biometric confirmation.

Enrolled users can’t turn off biometrics in Okta Verify.

Authentication

During authentication with Okta Verify Push or Okta FastPass, users are prompted for biometric or screen lock verification according to the authentication policy rules and the user verification method they enabled during enrollment.

Remediation

If user verification settings in Okta Verify are out of sync with the device settings, users receive remediation messages during the authentication flow. For example, Enable biometric confirmation for Okta Verify.

iOS devices

User task

Preferred

Required

Required with biometrics only

Enrollment

Users are prompted to enable Touch ID, Face ID, or passcode confirmation. They can skip this step and proceed with the Okta Verify enrollment.

Enrolled users can change the user verification setting from the Okta Verify Account Details page. For example, they can turn Face ID or Passcode Confirmation on or off.

New users are prompted to enable Touch ID, Face ID, or passcode confirmation. They can’t skip this step. If users don’t have Touch ID, Face ID, or passcode set up on the device, Okta Verify guides them to the Settings app to complete this configuration first.

Enrolled users who didn't enable user verification receive remediation messages on the Account Details page in Okta Verify:

  • Enable Face ID Confirmation

  • Enable Face ID or Passcode Confirmation

  • Face ID or Passcode Settings out of Sync with Okta Verify

Enrolled users can’t turn off Face ID, Touch ID, or passcode confirmation in Okta Verify.

New users are prompted to enable Touch ID or Face ID confirmation. They can’t skip this step. If users don’t have biometrics set up on the device, Okta Verify guides them to the Settings app to complete this configuration first. Devices without biometric capabilities can’t be enrolled in Okta Verify. Users receive a Device not supported message.

Enrolled users who didn't enable user verification receive remediation messages on the Account details page in Okta Verify. For example, Enable Face ID.

Enrolled users can’t turn off Face ID or Touch ID in Okta Verify.

Authentication

During authentication with Okta Verify Push or Okta FastPass, users are prompted for biometric or passcode confirmation according to the authentication policy rules and the user verification method they enabled during enrollment.

Remediation

If user verification settings in Okta Verify are out of sync with the device settings, users receive remediation messages during the authentication flow. For example, Enable Face ID or Passcode Confirmation for Okta Verify.

macOS devices

User task

Preferred

Required

Required with biometrics only

Enrollment

Users are prompted to enable Touch ID or password confirmation. They can skip this step and proceed with the Okta Verify enrollment.

Enrolled users can change the user verification setting from the Okta Verify account details page. They can turn Touch ID confirmation or Password confirmation on or off.

New users are prompted to enable Touch ID or password confirmation. They can’t skip this step. If users don’t have a Touch ID or password set up on the device, Okta Verify guides them to the Settings app to complete this configuration first.

Enrolled users who didn't enable user verification receive remediation messages in Okta Verify:

  • Enable Touch ID confirmation

  • Enable Touch ID or password confirmation

  • Touch ID or passwords settings out of sync with Okta Verify

Enrolled users can’t turn off Touch ID or password confirmation in Okta Verify.

New users are prompted to enable Touch ID confirmation. They can’t skip this step. If users don’t have biometrics set up on the device, Okta Verify guides them to the Settings app to complete this configuration first. Devices without biometric capabilities can’t be enrolled in Okta Verify. Users receive a Device not supported message.

Enrolled users who didn't enable user verification receive remediation messages on in Okta Verify. For example, Enable Touch ID confirmation.

Enrolled users can’t turn off Touch ID in Okta Verify.

Authentication

During authentication with Okta FastPass, users are prompted for Touch ID or password confirmation according to authentication policy rules and the user verification methods they enabled during enrollment.

Remediation

If user verification settings in Okta Verify are out of sync with the device settings, users receive remediation messages during the authentication flow. For example, Enable Touch ID or password confirmation for Okta Verify.

Windows devices

User task

Preferred

Required / Required with biometrics only

Enrollment

Users are prompted to enable Windows Hello. They can skip this step and proceed with the Okta Verify enrollment.

Enrolled users can change the user verification setting from the Okta Verify account details page. They can turn Windows Hello confirmation on or off.

Due to Windows requirements, Required and Required with biometrics only triggers the same user experience. These options are equivalent. When new users enable Windows Hello, they enable face, fingerprint, and PIN verification.

New users are prompted to enable Windows Hello confirmation. They can’t skip this step. If users don’t have Windows Hello set up on the device, Okta Verify guides them through setting it up. If the device doesn’t support Windows Hello, it can’t be enrolled in Okta Verify. Users receive a Device not supported message.

Enrolled users who didn't enable Windows Hello receive remediation messages in Okta Verify. For example, Enable Windows Hello confirmation.

Enrolled users can’t turn off Windows Hello.

Authentication

During authentication with Okta FastPass, users are prompted for Windows Hello verification according to authentication policy rules and the user verification methods they enabled during enrollment.

Remediation

If user verification settings in Okta Verify don't match your configurations or went out of sync with the device settings, users receive remediation messages during the authentication flow. For example, Enable Windows Hello confirmation or Windows Hello settings out of sync with Okta Verify.

Related topics

Configure Okta Verify options