User16370330549592969269 (Customer Support Online Experience) asked a question.
Okta FastPass provides phishing-resistant and passwordless access to Okta-protected applications and resources with an intuitive user experience consistent across all major platforms and devices, managed or unmanaged. In addition to providing secure access, Okta FastPass can evaluate device security posture and perform context re-evaluation.
No matter where you are in your journey with deploying FastPass in your organization, we are here to help! Okta product experts will answer all your burning questions, from why FastPass is important, to different factors to consider before rolling out FastPass, to how to deploy FastPass to further secure your environment, and more.
Ask questions from today to Wednesday, December 11, 2024. Please use the ‘Answer’ button below to ask your questions.
Come back on Thursday, December 12, from 9 a.m. to 11 a.m. to join the online session as our FastPass Product Experts from Product and Engineering answer your questions.
Want to learn more details about this FastPass AMA session? Check out this blog post -> https://support.okta.com/help/s/blog/a674z000000149rAAA/december-12-ask-me-anything-with-okta-fastpass-product-experts?language=en_US
This is great Leila, this is a great opportunity to learn more about FastPass!
What is method to deploy Fastness on Windows systems for third parties? Any reference customers that have mass deployed fastpass on assets they don't manage?
Okta Verify can be installed directly by the user. The admin should provide
third-parties with a link to the installer (as found in their admin console under Settings -> Downloads). The link will work for anyone, not just admins.
Example url for finding the link:
https://<org>/api/v1/artifacts/WINDOWS_OKTA_VERIFY/download
cc @AjitK.36872 (Customer)
Does Fast pass work on windows non managed device too?
@SandeepM.27003 (Empower) Yes. All functionality works on devices that are managed and unmanaged. Okta FastPass FAQ has more information.
It would be nice to see an example configuration that allows scoping FastPass (passwordless) login to specific users and groups, so that the "Login with Okta FastPass" button only shows for those to whom it's assigned. It would also be nice to see if FastPass supports streamlined / unattended login similar to Desktop SSO.
We are working on providing more granular enrollment controls. One of the key enhancements comin next year will be having Okta Verify configured into three distinct authenticators (OTP, Push and FastPass), providing flexibility for admins to manage enrollment of each method by user group.
Regarding “It would also be nice to see if FastPass supports streamlined / unattended login similar to Desktop SSO.” - could you please provide more information on what you mean by unattended login? Early next year we will also be providing users with a seamless experience to Okta-protected resources after logging into the device with Desktop MFA through our Okta Device Access product.
When switching to fastpass and eliminating passwords, how do you handle legacy applications that still authenticate using Kerberos? Are users expected to maintain a password for those cases?
Kerberos shouldn’t technically require a user-facing password, but there might be implementation details which require it in your environment. The same is true for Apple devices like macOS and iOS – a password and/or passcode is required for these devices.
Even if a password exists, you can prevent its use in your auth policies by specifying a list of allowed authenticators. With FastPass or FIDO users will get a passwordless experience via User Verification (biometrics or device passcode).
cc @60np4 (60np4)
What does the future of FastPass look like as we journey into 2025? I'm curious to hear about any new functionality or overall evolution in the coming year.