User16370330549592969269 (Customer Support Online Experience) asked a question.
What is Okta FastPass, and how does it enable phishing resistant authentication to prevent phishing attacks, session theft, and unauthorized activity? It does so by providing passwordless, cryptographically secure access – only to trusted applications – with an intuitive user experience consistent across all major platforms and devices, managed or unmanaged. And with silent context evaluations of your browsers and devices at every app login, together with signals from your wider security solution ecosystem, FastPass strengthens the Zero Trust security of any organization.
No matter where you are in your journey with deploying FastPass in your organization, we are here to help! Okta product experts will answer all your burning questions, from why FastPass is important to different factors to consider before rolling out FastPass, how to deploy FastPass to further secure your environment, and more.
Ask questions from today to Tuesday, January 30, 2024. Please use the Answer button below to ask your questions.
Come back on Wednesday, January 31, 2024, from 8 a.m. to 10 a.m. PST to join the online session as our Okta FastPass Product Experts, Chandra Shirashyad (Director of Engineering), Steve Lind (Software Architect), and Harish Chakravarthy (Technical Marketing) provide written, comprehensive answers to your questions.
Want to learn more details about this AMA session? Check out this blog article -> https://support.okta.com/help/s/blog/a674z000000141iAAA/jan-31-ask-me-anything-with-okta-fastpass-product-teams?language=en_US
Thanks for the update @User16370330549592969269 (Customer Support Online Experience) ! Looking forward to it!
When will Okta Verify be able to be the only factor enrolled and then if someone needs to login to something mobile then they can use the Okta Verify App. We want to force our users to use Okta Verify when on desktops.
App sign-on policies can be configured so desktop devices can only sign in via Okta Verify FastPass. To do this, Require a ‘Registered Device’ for Windows and macOS platforms.
Enrollment policy rules don’t yet have platform constraints, so it is not yet possible to differentiate authenticator requirements between mobile and desktops. We are looking into adding this as a feature, thank you for the request!
How to get a new QR code?? I got a new phone and because of that I got locked out. Why is this app so annoying? This isn't even a security issue. Where do I get new QR code?
Okta Verify's keys are device-bound, meaning that they can't be synced to a new phone automatically. Syncable keys are a security issue in many organizations, as backups can be restored remotely given the right passcode/apple id combo.
When upgrading to a new phone, the best way to migrate the enrollment is to use Add account to another device, which provides a phishing resistant method to migrate accounts.
Alternatively, end users can generate a QR code from the end-user settings page, provided they can supply 2FA with other factors (e.g. they still have the old phone or can supply password + WebAuthN etc.)
End users can generate a QR code from the end-user settings page. Check out the help pages for Android and iOS. However, a better way to enroll in Okta Verify on a new phone exists. If you have another device (your old phone or desktop) with Okta Verify enrolled, you can bootstrap enrollment on your new device without needing a QR code or authentication.
@jyvz8 (jyvz8) Please let the Okta admin reset your Okta verify.
Thanks for the update @User16370330549592969269 (Customer Support Online Experience) ! Looking forward to it!
Is there a way to remove TOTP option alone in Okta verify app . Its kinda a default and greyed out
For historical reasons, TOTP is always included as a potential backup factor for Okta Verify on mobile devices. I doesn't have any effect on desktop devices, which don't support TOTP.
Though it can’t be disabled at this time, you can configure sign-on policies to prevent the use of TOTP codes (e.g., check ‘phishing resistant’ or ‘hardware bound’)
We are considering enabling the removal of TOTP from the Okta Verify Authenticator settings.