Troubleshooting "Must be up-to-date with security patches" Error for FastPass/Device Trust on Mobile (iOS/Android)
Jul 17, 2025
Multi-Factor Authentication
Okta Identity Engine
Overview

FastPass and Device Trust are security features designed to provide seamless and secure access to work applications on mobile devices. These features rely on verifying that the device meets certain security standards, including having the latest security patches installed.

 

When the device does not meet these requirements, an error message may be encountered, preventing access to the applications: 

 

Must be up-to-date with security patches

 

Applies To
  • Okta Identity Engine (OIE)
  • Okta Verify
  • Multi-Factor Authentication (MFA)
Cause

The Must be up-to-date with security patches error typically arises from how the org's security policies are configured to assess the patch level of the mobile device. Security updates for iOS and Android devices are not released simultaneously to all devices. Different manufacturers and even different models from the same manufacturer receive updates at varying times. If the security policy is set to strictly enforce the Use a preset version for the minimum required iOS or Android version, it might incorrectly flag the device as outdated even if it has the latest update available for a specific model and carrier. This is because the "preset version" setting might be looking for a patch level that has not yet been rolled out to a particular device.

Solution

To resolve this error and ensure smoother access while maintaining a strong security posture, adjust the Device Assurance settings. Instead of using the Use a preset version option for the Minimum iOS/Android version, follow these steps:

For Production Environment

  • Navigate to the Device Assurance settings.
  • Locate the Minimum iOS Version or Minimum Android Version setting.
  • Change the selection from Use a preset version to Customize. This option allows for more granular control over the accepted patch levels.
  • Manually specify the acceptable Operating System versions and corresponding security patch dates.

Minimum Android version

 

For Preview Environment

  • If the org is using a preview or testing environment, the location of the Customize option might be slightly different. In some preview environments, the Custom option is listed at the very end of the available operating system version list.
    • In the Device Assurance Edit panel, click on OS version, and at the bottom of the dropdown list, select the Custom option.

Custom  

Recommended content

No recommended content found...
Still looking for help?