How to Enable FIPS Encryption on Okta Verify
Overview
Enabling Federal Information Processing Standards (FIPS) encryption for Okta Verify requires configuring settings in the Okta Admin Console for both Okta Classic Engine and Okta Identity Engine. The FIPS compliance feature is currently in Early Access (EA) and requires contacting Okta Support for initial enablement before configuring the settings.
Applies To
- Okta Identity Engine (OIE)
- Okta Classic Engine
- Okta Verify
- Multi-Factor Authentication (MFA)
Solution
NOTE: If the Okta Admin Console does not display this feature, open a ticket with Okta Support referencing this article.
What are the steps to enable FIPS encryption in Okta Classic Engine?
Enable the FIPS compliance feature in settings, then configure the Okta Verify multifactor settings.
- Navigate to Okta Admin Console > Settings > Features > FIPS compliance to enable the feature.
- Navigate to Security > Multifactor.
- Under Okta Verify > Okta Verify Settings, select Edit.
- Select Enable FIPS-mode encryption.
- Click Save.
What are the steps to enable FIPS encryption in Okta Identity Engine?
Enable the FIPS compliance feature in the settings and configure the Okta Verify authenticator settings.
- Navigate to Okta Admin Console > Settings > Features > FIPS compliance to enable the feature.
- Navigate to Security > Authenticators.
- From the Setup tab, select Edit on the Okta Verify authenticator.
- In the FIPS Compliance field, choose either "Users enrolling in Okta Verify can use FIPS compliant devices only" or "Any device".
- Click Save.
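One way to confirm the Identity Engine setting after saving, as an added example that is not part of the original article or Okta's own code. It assumes the JSON returned by `GET /api/v1/authenticators` exposes the choice as `settings.compliance.fips`, with `REQUIRED` for FIPS compliant devices only and `OPTIONAL` for Any device; the sample response is constructed and the function names are hypothetical.

```python
import json

# Constructed sample shaped like a GET /api/v1/authenticators response
# (Okta Identity Engine). Field names are an assumption; not from a real org.
SAMPLE_RESPONSE = json.loads("""
[
  {"key": "okta_password", "name": "Password", "status": "ACTIVE", "type": "password"},
  {"key": "okta_verify", "name": "Okta Verify", "status": "ACTIVE", "type": "app",
   "settings": {"compliance": {"fips": "OPTIONAL"}, "userVerification": "PREFERRED"}}
]
""")


def okta_verify_fips_state(authenticators):
    """Return (state, finding) for the Okta Verify authenticator.

    state is one of: REQUIRED, OPTIONAL, UNSET, INACTIVE, MISSING.
    """
    ov = next((a for a in authenticators if a.get("key") == "okta_verify"), None)
    if ov is None:
        return "MISSING", "Okta Verify authenticator is not configured"
    if ov.get("status") != "ACTIVE":
        return "INACTIVE", "Okta Verify exists but is not active"
    # Tolerate absent or null settings/compliance objects.
    fips = ((ov.get("settings") or {}).get("compliance") or {}).get("fips")
    if fips == "REQUIRED":
        return "REQUIRED", "only FIPS compliant devices can enroll"
    if fips == "OPTIONAL":
        return "OPTIONAL", "any device can enroll; FIPS is not enforced"
    return "UNSET", "no compliance.fips value present in settings"


def audit(authenticators, require_fips=True):
    """True when the org meets the expected FIPS enrollment policy."""
    state, _ = okta_verify_fips_state(authenticators)
    if require_fips:
        return state == "REQUIRED"
    return state in ("REQUIRED", "OPTIONAL")


if __name__ == "__main__":
    state, finding = okta_verify_fips_state(SAMPLE_RESPONSE)
    print(f"{state}: {finding}")
    print("compliant" if audit(SAMPLE_RESPONSE) else "not compliant")
```

Running the check on a schedule and alerting on any state other than `REQUIRED` catches the setting being reverted to Any device.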
What is the FIPS compatibility mode for Okta FastPass on desktop devices?
The FIPS compatibility mode for push notifications relies on a previous set of National Institute of Standards and Technology (NIST) definitions of Authenticator Assurance Level 2 (AAL2), which newer standards have since superseded. For example, AAL2 now requires phishing resistance. As a result, this checkbox does not achieve the desired compliance, which is why Okta does not offer it in General Availability (GA) for Okta FastPass. Okta is working to achieve FedRAMP Moderate compliance, including FIPS, for Okta FastPass across all platforms.
