Remediation messages for device assurance
Enable Display device error remediation in the browser when access is denied on the Device Assurance Policies page to provide users with remediation instructions if they're denied access due to noncompliance. See Add user help for device assurance.
If both Okta Verify and Chrome Device Trust are selected as providers for ChromeOS, macOS, or Windows, then the signal from Okta is given priority.
The following tables show the messages triggered by unsatisfied device conditions for each platform.
Users on Android devices
| Unsatisfied device assurance condition | Message in the Sign-In Widget |
|---|---|
| Minimum Android version | Update to Android {version}. |
| Lock screen must be enabled | Enable lock screen. |
| Biometrics must be enabled | Enable lock screen and biometrics. |
| Disk encryption | Encrypt your device. |
|
Hardware keystore |
Your device doesn't meet the security requirements. For more information, follow the instructions on the help page or contact your administrator for help. |
|
Rooting |
Your device doesn't meet the security requirements. For more information, follow the instructions on the help page or contact your administrator for help. |
| Managed | Use a device managed by your organization. |
Users on iOS devices
| Device assurance condition not satisfied | Message in the Sign-In Widget |
|---|---|
| Minimum iOS version | Update to iOS {version}. |
| Lock screen. Passcode must be set | Set a passcode for the lock screen. |
| Touch ID or Face ID must be enabled | Set a passcode for the lock screen and enable Touch ID or Face ID. |
|
Jailbreak |
Your device doesn't meet the security requirements. For more information, follow the instructions on the help page or contact your administrator for help. |
| Managed | Use a device managed by your organization. |
Users on ChromeOS devices
| Device assurance condition not satisfied | Message in the Sign-In Widget |
|---|---|
| Minimum ChromeOS version | Update to ChromeOS {version}. |
| Chrome browser version | Update to Chrome browser {version}. |
| Key trust level | Switch your device to verified or developer mode. |
| Managed | Use a device managed by your organization. |
Users on macOS devices
| Device assurance condition not satisfied | Message in the Sign-In Widget |
|---|---|
| Minimum macOS version | Update to macOS {version}. |
| Lock screen must be enabled | Set a passcode for the lock screen. |
| Firewall | Turn on your device's firewall. |
| Screen lock password | Turn on automatic screen saver and screen locking when idle. |
| Disk encryption | Turn on FileVault. |
| Disk encryption enabled | Turn on disk encryption. |
|
Secure Enclave |
Your device doesn't meet the security requirements. For more information, follow the instructions on the help page or contact your administrator for help. |
| Chrome browser version | Update to Chrome browser {version}. |
| Managed | Use a device managed by your organization. |
Users on Windows devices
| Device assurance condition not satisfied | Message in the Sign-In Widget |
|---|---|
| Minimum Windows version | Update to Windows {version}. |
| Windows Hello must be enabled | Enable Windows Hello for the lock screen. |
| Firewall | Turn on your device's firewall. |
| Disk encryption | Encrypt all internal disks with BitLocker. |
| Disk encryption enabled | Turn on disk encryption. |
|
Trusted Platform Module |
Your device doesn't meet the security requirements. For more information, follow the instructions on the help page or contact your administrator for help. |
| Lock screen secured | Turn on automatic screen saver and screen locking when idle. |
| Chrome browser version | Update to Chrome browser {version}. |
| Managed | Use a device managed by your organization. |
| Virus and threat protection enabled | Enable antivirus software. |