<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content

Unable to Disable Okta FastPass Due to Application Sign-On Policies Error

Okta Identity Engine
FastPass

Overview

When attempting to disable the Okta FastPass capability within the Okta Verify authenticator setup, an administrator receives an error and cannot save the changes. This occurs because one or more application sign-on policies currently use Okta FastPass. Locating and removing the specific rule enforcing the device condition resolves the issue. When this failure occurs, Okta generates the following error:

 

We ran into some problems: You can’t disable Okta FastPass because it is being used by one or more application sign-on policies. First, go to each policy and remove any device conditions. Then, come back and try again.

 

Applies To

  • Okta Identity Engine (OIE)
  • Okta Verify
  • Okta FastPass
  • Authentication Policies

Cause

One or more application sign-on policies currently use Okta FastPass, preventing administrators from disabling the capability.

Solution

How is the Okta FastPass disable error resolved?

Resolve this issue by locating and removing the specific rule enforcing the device condition across all authentication policies.

Step 1: Audit All Authentication Policies

The most common root cause is an overlooked rule in a custom policy or a deactivated application.

  1. In the Okta Admin Console, go to Security > Authentication Policies.
  2. Methodically review all policies, paying special attention to policies attached to inactive or test applications.
  3. Edit any rule where the Device state is set to Registered or Managed.
  4. Change the Device state requirement to Any and clear specific device management requirements. Save the rule.

Step 2: Check the Default Policy

If custom application policies are clear, the condition may reside in the overarching Default Policy.

  1. Go to Security > Authentication Policies.
  2. Select the Default Policy.
  3. Review all rules, especially custom ones, to ensure none require a Registered or Managed device state. Change the state to Any if found.

Step 3: Check Custom Rules in the Okta Account Management Policy

While the default rule of the Okta Account Management Policy is locked, administrators can add custom rules above it.

  1. Select the Okta Account Management Policy.
  2. Look strictly at any custom rules listed above the Default Rule.
  3. If a custom rule mandates a Registered or Managed device state, edit the rule to remove the condition.

Once all references to Registered or Managed device states are removed across all active and inactive policies, administrators can successfully disable Okta FastPass.

Loading
Okta Support - Unable to Disable Okta FastPass Due to Application Sign-On Policies Error