The following reconfiguration has been identified as part of the preparation needed to perform the upgrade to Okta Identity Engine (OIE). Note that additional Okta features may require reconfiguration or be disabled in order to complete the upgrade. This article explains the required changes for custom applications that use a device token with the Authentication API after an organization upgrades to the Okta Identity Engine (OIE). While existing integrations may have some backward compatibility, they must be updated to take advantage of new OIE features related to device context.
- Application Programming Interface (API)
- Software Development Kit (SDK)
- Custom Applications
The Okta Identity Engine (OIE) introduces a new method for evaluating device context using Authentication Policies. The legacy method of passing a device token directly to the Authentication API is superseded by this new, more flexible policy-based approach.
For more information, see Request example for trusted application.
To manage device context in OIE, custom applications using the Authentication API must be updated. The following options are available:
- Maintain Classic Behavior Temporarily: Leave the Classic Global Sign-on Policy in place. This provides backward compatibility for existing applications while custom sign-in flows are refactored. However, new OIE device context features will not be available to these applications.
- Replace with a Redirect Model: Update the application to use a redirect-based authentication deployment model. This approach directs users to the Okta-hosted sign-in page, which handles all device context policies automatically.
- Replace with a New SDK: Update the application to use the latest Okta Identity Engine Software Development Kits (SDKs). The new SDKs are designed to handle the device context and policy evaluation flows required by OIE for embedded applications.
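Before choosing between these options, it helps to know which custom applications still send a device token to the Authentication API. The following is an added example, not Okta's code: it inventories captured outbound requests and flags Classic `/api/v1/authn` calls whose body carries `context.deviceToken`. The record shape (`app`, `method`, `url`, `body`), the application names and the `example.okta.com` host are assumptions made for illustration.

```python
import json
from urllib.parse import urlparse

# Constructed sample records (not real traffic), shaped as an egress proxy or
# application log might capture outbound requests. All values are placeholders.
SAMPLE_REQUESTS = [
    {"app": "legacy-portal", "method": "POST",
     "url": "https://example.okta.com/api/v1/authn",
     "body": '{"username": "user@example.com", "password": "<redacted>", '
             '"context": {"deviceToken": "<device-token>"}}'},
    {"app": "mobile-bff", "method": "POST",
     "url": "https://example.okta.com/api/v1/authn",
     "body": '{"username": "user@example.com", "password": "<redacted>"}'},
    {"app": "new-spa", "method": "GET",
     "url": "https://example.okta.com/oauth2/default/v1/authorize?client_id=<id>",
     "body": ""},
    {"app": "batch-job", "method": "POST",
     "url": "https://example.okta.com/api/v1/authn",
     "body": "not-json"},
]

def classify(record):
    """Return 'device-token', 'authn-only', 'unparsed', or None for one record."""
    path = urlparse(record["url"]).path.rstrip("/")
    if record["method"].upper() != "POST" or path != "/api/v1/authn":
        return None  # not a Classic Authentication API primary-auth call
    try:
        body = json.loads(record["body"] or "{}")
    except json.JSONDecodeError:
        return "unparsed"  # flag for manual review instead of passing silently
    context = body.get("context") if isinstance(body, dict) else None
    if isinstance(context, dict) and context.get("deviceToken"):
        return "device-token"  # legacy device context: needs migration
    return "authn-only"  # Authentication API in use, but no device token sent

def migration_inventory(records):
    """Map app name -> set of findings, never echoing token or password values."""
    inventory = {}
    for record in records:
        finding = classify(record)
        if finding:
            inventory.setdefault(record["app"], set()).add(finding)
    return inventory

if __name__ == "__main__":
    for app, findings in sorted(migration_inventory(SAMPLE_REQUESTS).items()):
        print(f"{app}: {', '.join(sorted(findings))}")
```

Applications reported as `device-token` are the ones this article applies to; `unparsed` entries need a manual look because the body could not be inspected.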
