<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
FAQs about the Okta Identity Engine Upgrade
Jan 6, 2026
Okta Identity Engine
Additional Resources

What is the Okta Identity Engine?

The Okta Identity Engine is a platform update to Okta’s authentication service, providing increased control over how to protect apps and resources. New capabilities built on the Okta Identity Engine allow for the creation of dynamic, app-based user journeys. There are also improvements to the end-user experience when signing up, selecting an authentication method, and more. For a summary of what’s new and changing, see what’s new for customers with Okta Identity Engine.

 

Do I need to pay more for the Okta Identity Engine?

No, the Okta Identity Engine is a platform service and will not be sold as a separate product or feature. The current products that the organization has already purchased will carry over during the Okta Identity Engine upgrade.

 

How long will the Okta Identity Engine upgrade take? Will my end users be affected?

For many customers, the Okta Identity Engine upgrade will take a few seconds, and for some larger orgs, it may take a few minutes. However, regardless of how long the upgrade takes, the org will not be affected. End users and admins can continue to use Okta without interruption during this time.

 

How can I plan for the Okta Identity Engine upgrade?

Admins will receive an email 4-6 weeks before their scheduled Okta Identity Engine upgrade. During the 4-6 weeks preceding the upgrade, Okta recommends that administrators follow this guidance to ensure a successful upgrade.

 

Avoid making changes to the organization settings, such as:

  • Adding new functionality to the organization
  • Changing App Sign-on Rules, Okta Sign-on Police,s or MFA Enrollment Policies
  • Enabling the factors Symantic VIP or EPCS MFA
     

All other actions will have no impact on the upgrade, such as:

  • Adding, editing, or removing users, groups, applications, and group rules.
  • User management tasks such as activation, password reset, expire password expiration.

Create an Okta Identity Engine free trial to compare the differences between Okta Classic and the Okta Identity Engine.

 

Send a message to the end users and admins, preparing them for the upgrade: see the Okta Identity Engine Upgrade Resources in the End User Communications.
 

What are some post Okta Identity Engine upgrade best practices?

Following the Okta Identity Engine upgrade, the organization may notice new features and functionality. Before making any changes to the org, Okta recommends  taking the following steps to validate that the organization is behaving as expected:

  • Log in with the administrator and end-user account.
  • Test single sign-on with at least 5 of the most popular applications.
  • Validate that Multi-Factor Authentication is functioning as expected.
  • Validate that the Okta Global Session Policy and Authentication Policies match the expectations.
  • Check that the Okta Admin Console and the Okta End-User Dashboard apps are protected as expected.
  • If using device trust, verify that the device trust configurations match expectations.

 

How can I request an upgrade to the Okta Identity Engine?

Our field teams are working with our account teams to upgrade our customers to the Okta Identity Engine. Please contact the Okta customer success executive, account team, or support team for assistance. Once the organization becomes eligible to upgrade, an Okta team member will reach out to discuss the upgrade process.
 

How will APIs be affected as part of the Okta Identity Engine?

All of the legacy APIs will continue to work on the Okta Identity Engine (OIE). Okta has also introduced two new API sets:

Policy API    |    Factors Profiles API

 

Will all of the Okta Classic Features be supported in the Okta Identity Engine?

No, not all of the Okta Classic features will be supported in the Okta Identity Engine. Most features will be supported, but some are being deprecated in Okta Classic. In most cases, a comparable feature is available for organizational use. The Okta field and upgrade teams will let the org know which features will not be supported and will provide steps to move on to new features.
 

Why are only a portion of my Okta organizations being upgraded at a time?

The Okta team has selectively chosen organizations to be upgraded based on their configuration and features. Some organizations will be upgraded earlier than others; however, all organizations will eventually be upgraded to the Okta Identity Engine. To upgrade the organization to the Okta Identity Engine sooner, please reach out to the account executive.
 

Who can I contact if I experience issues with the Okta Identity Engine upgrade?

The best way to get help is to directly message Okta support and submit a ticket to our support team.

Recommended content

Still looking for help?
Loading
FAQs about the Okta Identity Engine Upgrade