Device matching can be disabled for compatibility purposes, but Okta recommends against it. By default, Okta ensures that authentication redirects stay within the browser in which they were initiated, by comparing the device identifier provided in the requests. If the values do not match, access to any app is denied and no new IdP session is permitted. In some deployment models, incompatibilities require this function to be disabled, but it should otherwise always remain enabled.
If disabling the default behavior becomes necessary, the setting is found under Security > General > Organization Security > Enforce device matching for creating sessions.
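The comparison described above can be pictured with a simplified model, added here as an illustration; it is not Okta's implementation. The function names, the token layout, and the `enforce_device_matching` flag are all hypothetical, and the device identifiers are constructed sample values.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # constructed signing key for this model


def _device_tag(device_id: str) -> str:
    """Hash the device identifier so the raw value is not carried in the state."""
    return hashlib.sha256(device_id.encode()).hexdigest()


def _sign(payload: str) -> str:
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def start_flow(device_id: str) -> str:
    """Begin an authentication redirect: return a signed state token bound
    to the device identifier of the browser that initiated the flow."""
    payload = f"{secrets.token_hex(8)}.{_device_tag(device_id)}"
    return f"{payload}.{_sign(payload)}"


def finish_flow(state: str, device_id: str,
                enforce_device_matching: bool = True) -> bool:
    """Return True if a session may be created for the returning request."""
    try:
        nonce, bound_tag, sig = state.split(".")
    except ValueError:
        return False  # malformed state
    if not hmac.compare_digest(sig, _sign(f"{nonce}.{bound_tag}")):
        return False  # state was altered or not issued by this server
    if not enforce_device_matching:
        return True  # compatibility mode: the returning browser is not checked
    # Default behavior: the redirect must return in the initiating browser.
    return hmac.compare_digest(bound_tag, _device_tag(device_id))


if __name__ == "__main__":
    browser_a, browser_b = "dev-A-constructed", "dev-B-constructed"
    state = start_flow(browser_a)
    print("same browser:", finish_flow(state, browser_a))
    print("different browser:", finish_flow(state, browser_b))
    print("different browser, matching disabled:",
          finish_flow(state, browser_b, enforce_device_matching=False))
```

With the flag off, the model accepts a redirect completed in a browser other than the one that started it, which is the protection lost when the setting is disabled.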
