<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
ZTA Score and Okta Verify FastPass
Aug 20, 2025
Okta Identity Engine
Okta Device Access
Overview

This article provides information that must be considered when setting up an authentication policy with a custom expression that requires a specific ZTA score.

Applies To
  • Multifactor authentication (MFA)
  • Okta Identity Engine (OIE)
  • CrowdStrike
  • Endpoint Security
Cause

In specific scenarios, the ZTA score is not transmitted to Okta since Okta Verify FastPass is not used in the authentication process.

Solution

The custom expression in the authentication policy alone will not enforce login with Okta FastPass. For the ZTA score to be provided, the administrator needs to either:

  • Enforce login with Okta Verify FastPass based on a combination of enrollment policy and possession factor constraints or;
  • Have at least one authentication rule to require for the device to be registered - that will trigger a silent check of the device and if Okta Verify is present, it will provide the ZTA score in the login process.

Related References

Recommended content

Still looking for help?
Loading
ZTA Score and Okta Verify FastPass