Notification emails for a new device sign-in are triggered when a new client is identified based on an end user's browser cookies or fingerprint. In most scenarios, clients are easily and accurately identified, but there are some limitations.
- New Sign-On
- Notification Email
- Cookies
- Fingerprint
The system relies on browser cookies and device fingerprints to identify clients. The following limitations apply to this identification process:
-
Browser Cookies: Client identification is based on the end user's browser cookies. If the browser does not retain cookies, the system may identify the client as new.
-
Browser or OS Changes: New device notifications may be generated when there is a change to the user's operating system or browser. This includes a new browser type or version, or a new operating system type or version.
-
Mobile Applications: For mobile sign-ins, new device notification emails are sent based on detecting a new mobile application and not the device used to sign in.
-
Unknown Devices: An unrecognized browser or operating system appears as "Unknown" in the notification email.
-
Non-Okta IdPs: New device notifications are not generated for a sign-in initiated by non-Okta Identity Providers.
-
Inactivity: End users may receive an unexpected notification email for a new or unknown device if they have not signed in to their accounts within 40 days.
-
First Sign-in: Device fingerprints are captured after a successful sign-in. If the user has not signed in successfully before, it will be considered a new sign-in.
-
Detection Guarantee: New device detection is not always fully guaranteed.
