Device Entitlement Skip to main content
https://support.okta.com/help/answers?id=9062a000000bmyzqai&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Shay MayoShay Mayo 

Device Entitlement

Hello,
Knowing that Okta's device trust functionality has been delayed, wondering if anyone would share how they are tackling device entitlement with apps that are integrated with Okta? 
Bogdan NitescuBogdan Nitescu (Okta, Inc.)
Thanks for your interest here. Just this past August at Oktane, our user conference, we announced a beta for our Device Trust feature which is just one facet of our Contextual Access Management capability. You can read more about it on this blog post (https://www.okta.com/blog/2016/08/contextual-access-management-innovating-across-sso-adaptive-mfa-and-mobility-management/) or this one (https://support.okta.com/help/blogdetail?id=a67F0000000TWJpIAO). Okta's Device Trust functionality works with certificates, whether distributed to the device with Okta Mobility Management or another third party. You can tell Okta which root(s) to look for and we will consider certificates issued by that to be trusted. Again, this functionality is in beta currently, but we're getting a lot of interest from our customers about it and look forward to fleshing out the feature set to meet the needs we're hearing about before bringing it to you more broadly.
 
The one tricky thing you'll need to consider is EAS, since there's no real way to do MFA with EAS. O365 recently announced support for certificate authentication to Exchange Online, so we're also going to be investing in certificate based EAS profiles that are pushed via OMM, if you're interested in that scenario. That way, you could more easily guarantee that a device is trusted, rather than the user just knew how to configure their password in an EAS profile.
 
I hope that answers your question,
Bogdan
Av ShchAv Shch
Is Device Trust capability feature available for early access? We would like to pilot this feature for access with G-Suite apps.