Okta Expression Language can be used to create a custom expression for devices in the Authentication Policy Rule.
- Okta Identity Engine (OIE)
- Authentication Policy
- Authentication Rule
Okta Expression Language attributes can be used in authentication policy rules to grant access to Okta or applications with finer granularity.
When creating a custom expression referring to devices, please note the following requirements:
- Always use device.profile.registered == true to include device conditions in the custom expression.
- In general, device attributes can only be used if Okta FastPass is enabled.
Custom expressions for devices can leverage both the device attributes and the Okta Expression Language.
In this example, the custom expression uses device.profile.registered == true to specify that the device must be registered, and device.profile.displayName.substring(0,3).contains("X") to require that one of the first 3 letters of the device display name is the letter "X".
It is recommended to test the expression on a single application or a test user to prevent lockout scenarios.
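Before testing in Okta, the same two conditions can be previewed offline against a device inventory to see which users would stop matching the rule. This is an added example, not Okta code: the inventory records and their field names are constructed, `contains` is assumed to be case-sensitive, and display names shorter than 3 characters are flagged for manual testing because the article does not say how `substring(0,3)` behaves on them.

```python
# Offline preview of the rule's two conditions:
#   device.profile.registered == true
#   device.profile.displayName.substring(0,3).contains("X")
# Assumption: contains() is case-sensitive. Names shorter than the prefix
# length (or missing) are not decided here; they are flagged for a live test.

# Constructed sample inventory; the keys mirror the attribute names in the expression.
SAMPLE_DEVICES = [
    {"user": "alice", "registered": True,  "displayName": "XPS-ALICE"},
    {"user": "bob",   "registered": True,  "displayName": "MBX-BOB"},
    {"user": "carol", "registered": True,  "displayName": "xps-carol"},  # lowercase x
    {"user": "dave",  "registered": False, "displayName": "XPS-DAVE"},   # unregistered
    {"user": "erin",  "registered": True,  "displayName": "LAPTOP-X1"},  # X after char 3
    {"user": "frank", "registered": True,  "displayName": "X1"},         # short name
    {"user": "grace", "registered": True,  "displayName": None},         # no name
]


def classify(device, prefix_len=3, letter="X"):
    """Return 'match', 'no-match' or 'verify' for one device record."""
    if device.get("registered") is not True:
        return "no-match"  # the registered condition fails first
    name = device.get("displayName")
    if not isinstance(name, str) or len(name) < prefix_len:
        return "verify"    # behaviour not stated in the article; test in Okta
    return "match" if letter in name[:prefix_len] else "no-match"


def preview(devices):
    """Group users by outcome so likely lockouts are visible before rollout."""
    report = {"match": [], "no-match": [], "verify": []}
    for device in devices:
        report[classify(device)].append(device["user"])
    return report


if __name__ == "__main__":
    for outcome, users in preview(SAMPLE_DEVICES).items():
        print(f"{outcome:9} {', '.join(users) or '-'}")
```

Users listed under no-match would not satisfy this rule's device condition, and those under verify should be checked with a test user as recommended above.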
