Add device assurance to an authentication policy
You can add platform-specific device assurance policies to enhance authentication policy rules. By adding device checks to authentication policy rules, you can establish minimum requirements for unmanaged devices that have access to systems and applications in your organization. If you configure the policy rule to include multiple conditions, any condition triggers the rule.
Add a DENY action to the catch-all rule to ensure that Okta collects device signals. See Configure an authentication policy for Okta FastPass.
Before you begin
Confirm that these conditions are met:
You enabled Okta FastPass for your organization. See Enable Okta FastPass.
You created one or more platform-specific sets of device assurance attributes.
You identified at least one authentication policy that should include device assurance.
Start this task
In the Admin Console, go to .
Select a policy and click Add Rule to add a new rule for device assurance.
To add device assurance to an existing policy rule, select the policy rule you want to modify, and then click Edit.
For AND Device state is, select Registered.
- For AND Device assurance policy is, select Any of the following Device Assurance conditions, and then enter the name of a device assurance you have previously created.
- You can add multiple platform-specific device assurance policies.
- If you add multiple sets of device assurance attributes to the same rule, they’re OR conditions.
- If the rule has other conditions, all of the conditions defined for the rule must be met for the rule to be applied.