The following reconfiguration has been identified as part of the preparation needed to perform the upgrade to Okta Identity Engine (OIE). Note that additional Okta features may require reconfiguration or be disabled in order to complete the upgrade. The upgrade process cannot be scheduled when Workspace ONE Security Assertion Markup Language (SAML)-based Device Trust for Android is enabled.

• Okta Identity Engine Upgrades
• Workspace ONE
• Security Assertion Markup Language (SAML)-based Device Trust for Android

SAML-based device trust with Workspace ONE is not supported on OIE. The upgrade cannot be scheduled while this feature is enabled.

NOTE: A resolution for this upgrade blocker was made available on June 11, 2024. The appropriate steps depend on whether SAML-based Device Trust is configured in the organization.

• If SAML-based Device Trust is not configured
  • If the feature is enabled but not configured for use, raise a ticket with Okta support to disable it.

• If SAML-based Device Trust is configured

There are two options to resolve the upgrade blocker:

• • • Migrate the Configuration to OIE
      1. Enable the self-service feature Migration Support for Workspace ONE Device Trust for Android and iOS.
      2. Attempt the upgrade to OIE.
    • Remove SAML-Based Device Trust
      1. Follow the guidance on disabling Mobile Device Trust.
      2. After Mobile Device Trust is disabled, raise a ticket with Okta support to disable this feature on the organization.

Related References

• OIE Upgrade Blocker - Device Trust Mobile Auths (Client-based and SAML-based)
• Management attestation for mobile devices