<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
Enable or Disable the Enforce Device Matching Feature in Okta
Apr 16, 2026
Administration
Okta Identity Engine
All Engines
Okta Classic Engine
Overview

By default, Okta ensures that authentication redirects stay within the initiating browser by comparing the device identifier provided in the requests. If the values do not match, Okta denies access to any application and prevents a new Identity Provider (IdP) session. While Okta recommends keeping this feature enabled, the Security settings provide an option to disable device matching to resolve compatibility issues in certain deployment models.

Applies To
  • Okta Identity Engine (OIE)
  • Okta Classic Engine
  • Enforce Device Matching for Creating Sessions
  • Security
Solution

What steps enable or disable the device matching feature?

To modify the default device matching behavior, navigate to the organization security settings in the Admin Console and adjust the feature configuration.

  1. Go to Security, and then select General.
  2. Locate the Organization Security section.
  3. Select or clear the Enforce device matching for creating sessions option.

Related References

Recommended content

Still looking for help?
Loading
Enable or Disable the Enforce Device Matching Feature in Okta