This article addresses the scenario where users constantly trigger the NEW DEVICE behavior when logging in to Okta.
- Okta Identity Engine
- Okta Classic Engine
- Behavior
- Risk
Okta recognizes devices based on the device token (DT) cookie sent in the authentication request. If a DT cookie is not present after the initial login, Okta will respond with a new DT cookie that the browser needs to store in most cases.
The DT cookie can be seen in the browser's developer tools, under Application > Storage > Cookies, when accessing the Okta page.
If the DT cookie is not present in the request or does not match Okta records, it will result in a NEW DEVICE = POSITIVE behavior.
Typical scenarios for new device behavior are:
- The raw agent used for the authentication cannot store the DT cookie.
- The DT cookie is not present in the body of the authentication request in the case of API calls or scripts.
- Browsers have the Clear cookies and site data when you close all windows option enabled.
- Okta is not allowed to store cookies and data on the browser.
- The user performed Clear Cookies and other site data.
- The user is using an embedded browser, which does not store cookies.
For browser-based authentication, when gathering a .har file or network tracing, the DT cookie must be present in the GET {{URL}}/oauth2/v1/authorize cookies section under Cookies sent in the request.
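One way to run this check over a saved .har file, as an added example that is not part of the original article or Okta's own tooling. It assumes the cookie is named DT as in the text and uses the placeholder host example.okta.com; the inline capture is constructed.

```python
import json
import sys
from urllib.parse import urlsplit

AUTHORIZE_PATH = "/oauth2/v1/authorize"  # request named in the article
DT_COOKIE = "DT"                         # assumed cookie name for the device token

def request_cookies(request):
    """Cookies sent with a HAR request: the parsed array, else the Cookie header."""
    cookies = {c["name"]: c.get("value", "") for c in request.get("cookies", [])}
    if cookies:
        return cookies
    for header in request.get("headers", []):
        if header.get("name", "").lower() == "cookie":
            for part in header.get("value", "").split(";"):
                name, _, value = part.strip().partition("=")
                if name:
                    cookies[name] = value
    return cookies

def audit_har(har):
    """Return (startedDateTime, status) per GET to the authorize endpoint; status is
    "present", "missing" or "changed" (differs from earlier in the capture)."""
    findings, last_dt = [], None
    for entry in har["log"]["entries"]:
        req = entry["request"]
        if req["method"] != "GET" or urlsplit(req["url"]).path != AUTHORIZE_PATH:
            continue
        dt = request_cookies(req).get(DT_COOKIE)
        if not dt:
            status = "missing"      # would be evaluated as a new device
        elif last_dt and dt != last_dt:
            status = "changed"      # cookie was replaced between logins
        else:
            status = "present"
        last_dt = dt or last_dt
        findings.append((entry.get("startedDateTime"), status))  # never the token value
    return findings

_URL = "https://example.okta.com/oauth2/v1/authorize?client_id=x"  # constructed
SAMPLE_HAR = {"log": {"entries": [  # constructed capture, not real traffic
    {"startedDateTime": "t1", "request": {"method": "GET", "url": _URL,
        "cookies": [{"name": "DT", "value": "constructed-A"}], "headers": []}},
    {"startedDateTime": "t2", "request": {"method": "GET", "url": _URL,
        "cookies": [], "headers": [{"name": "Cookie", "value": "sid=y"}]}},
    {"startedDateTime": "t3", "request": {"method": "GET", "url": _URL,
        "cookies": [], "headers": [{"name": "cookie", "value": "sid=y; DT=constructed-B"}]}},
]}}

if __name__ == "__main__":
    har = json.load(open(sys.argv[1], encoding="utf-8-sig")) if len(sys.argv) > 1 else SAMPLE_HAR
    print(audit_har(har))
```

A HAR exported with cookies stripped (some browsers sanitize exports by default) reports every request as missing, so confirm the export includes cookies before drawing conclusions.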
Review the scenarios above to determine what is causing this behavior. Once the cause is determined, you can help users retain their cookies. In the case of an embedded browser, the only option is to not use an embedded browser; there is currently no workaround.
