<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content

Enable or Disable the Enforce Device Matching Feature in Okta

Administration
Okta Identity Engine
All Engines
Okta Classic Engine

Overview

By default, Okta ensures that authentication redirects stay within the initiating browser by comparing the device identifier provided in the requests. If the values do not match, Okta denies access to any application and prevents a new Identity Provider (IdP) session. While Okta recommends keeping this feature enabled, the Security settings provide an option to disable device matching to resolve compatibility issues in certain deployment models.

Applies To

  • Okta Identity Engine (OIE)
  • Okta Classic Engine
  • Enforce Device Matching for Creating Sessions
  • Security

Solution

What steps enable or disable the device matching feature?

To modify the default device matching behavior, navigate to the organization security settings in the Admin Console and adjust the feature configuration.

  1. Go to Security, and then select General.
  2. Locate the Organization Security section.
  3. Select or clear the Enforce device matching for creating sessions option.

Related References

Loading
Okta Support - Enable or Disable the Enforce Device Matching Feature in Okta