This article provides information regarding one of the authentication policy rules criteria that can deny or allow access based on the device used.
- Okta Identity Engine (OIE)
- Okta Verify
- Device Management
Okta Identity Engine (OIE) can make application access decisions based on the device context in an incoming request. Device states, device assurance policies, and platforms can be used as conditions in the authentication policy for each app.
Okta Verify is required to be installed on that device to make it registered or registered and managed so admins can see details such as device name, platform, manufacturer, model, and Unique Device Identifier (UDID) in Universal Directory. Admins can Suspend, Un-suspend, or Deactivate a device. See Device lifecycle.
The device platform is determined by the User-Agent used in the authentication request.
Use signals from EMM & EDR solutions
If Device Trust has been purchased, it can be integrated with major Enterprise Mobility Management (EMM) and Endpoint Detection and Response (EDR) solutions to capture even more device signals and use custom expressions to make access decisions in the authentication policy.
