<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
Authentication Policy Creation Using Terraform Fails with Error "Api validation failed: conditions.device. Causes: errorSummary: conditions.device"
Jan 5, 2026
Okta Identity Engine
Authentication
Overview

Terraform is used to create an authentication policy. After applying the first run, the following error message is encountered:

 

Error: failed to create app sign on policy rule: the API returned an error: Api validation failed: conditions.device. Causes: errorSummary: conditions.device: To create a policy rule using advanced device attributes, contact Okta Support

 

Applies To
  • Adaptive Multi-Factor Authentication (MFA)
  • Okta Identity Engine (OIE)
  • Authentication Policies
  • Terraform
Cause

This error is seen because the following condition is being used: 

device_is_managed = true
Solution

To leverage the managed device condition within authentication policies, the Adaptive MFA SKU is required. The managed device condition is a feature that utilizes contextual signals, such as the device's management status (via integration with a Mobile Device Management, like Intune or Jamf).

Please contact the Account Executive to have the Adaptive MFA SKU license added.

 

Related References

Recommended content

Still looking for help?
Loading
Authentication Policy Creation Using Terraform Fails with Error "Api validation failed: conditions.device. Causes: errorSummary: conditions.device"