<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
Okta's Detection of Desktop Browser Spoofing for Mobile Sign-On
May 30, 2025
Single Sign-On
Okta Classic Engine
Overview

This article discusses whether Okta will detect a mobile user spoofing a desktop browser for mobile sign-on.

Applies To
  • Browser spoofing
  • User Agent String
  • Mobile Authentication
  • Okta Classic Engine
Solution

The user agent headers are leveraged for the sign-on policies. If a user agent string is spoofed or stripped, Okta will not be able to determine the true or original user agent string and will use the information provided.

Recommended content

Still looking for help?
Loading
Okta's Detection of Desktop Browser Spoofing for Mobile Sign-On