This feature is currently in Early Access (EA). To enable it for the Okta Org, please contact Okta Support. Once enabled, follow the steps below.
- Okta Verify
- Multi-Factor Authentication (MFA)
NOTE: If this feature is not available in the org, please open a ticket with Okta Support, referencing this article.
In Okta Classic Engine
- First, enable the feature by going to Okta Admin Console > Settings > Features > FIPS compliance.
- After that, go to Security > Multifactor. The Factor Types screen appears with Okta Verify as the default selection.
- Under Okta Verify > Okta Verify Settings, click Edit.
- To enable, select Enable FIPS-mode encryption.
- Click Save once the changes are made.
In Okta Identity Engine
- First, enable the feature by going to Okta Admin Console > Settings > Features > FIPS compliance.
- After that, go to Security > Authenticators.
- From the Setup tab, select Edit Okta Verify.
- In the FIPS Compliance field, choose whether Users enrolling in Okta Verify can use FIPS compliant devices only or Any device.
- Click Save once all the desired changes are made.
FIPS Compatibility Mode for Okta FastPass on Desktop devices
The FIPS compatibility mode for push (ported from Classic Engine) relies on a previous set of NIST definitions of AAL2, which have since been superseded (for example, phishing resistance is now required for AAL2). As a result, this checkbox does not achieve the desired compliance, which is why it is not General Availability (GA) for FastPass. Okta is working to achieve FedRAMP Moderate compliance (including FIPS) for FastPass across all platforms.
