<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D54z0000AJExXyCQLOkta Classic EngineDevices and MobilityAnswered2025-02-12T01:15:07.000Z2025-02-07T06:03:54.000Z2025-02-12T01:15:07.000Z

ShoichiroK.00155 (LAC Co., Ltd) asked a question.

February 7, 2025 at 6:03 AM
Could you please confirm that Okta Device Assurance is functioning properly?

Does this feature only work when logging in using FastPass? We have created a mechanism to block access based on the rules of the Okta Device Assurance policy. When attempting to log in with FastPass, access was blocked as expected.

However, when trying to log in using email and password without FastPass, we were able to gain access.

Could you please let me know if this behavior is expected?

Thank you.

 

  • 4 answers
  • 331 views

  • Paul S. (Okta, Inc.)

    Hello @ShoichiroK.00155 (LAC Co., Ltd)​ Thank you for posting on our Community page!

     

    This would be expected behaviour, as for the policy to work it would need to be able to check the device specifics and this will be done though the Okta Verify app.

    Please also see our doc below:

    https://okta.github.io/okta-help/oie/en-us/Content/Topics/identity-engine/devices/device-assurance.htm

    https://help.okta.com/oie/en-us/content/topics/identity-engine/devices/device-assurance-add.htm

     

    Thank you for reaching out to our Community and have a great day!

    --

    Help others in the community by liking or hitting Select as Best if this response helped you.

    Expand Post
    Selected as Best

  • ShoichiroK.00155 (LAC Co., Ltd)

    こんにちは@Paul S. (Okta, Inc.)

    返信ありがとうございます。さらに質問があります。Device Assuranceを適用するには、ログインフォームからOkta Fast Passを使用して認証する必要がありますか?

    • Paul S. (Okta, Inc.)

      Hello @ShoichiroK.00155 (LAC Co., Ltd)​   Yes, you need to authenticate with Okta Fast Pass form for Device Assurance to apply.

       

      Thank you for reaching out to our Community and have a great day!

      --

      Help others in the community by liking or hitting Select as Best if this response helped you.

      Expand Post

      • ShoichiroK.00155 (LAC Co., Ltd)

        Hello @Paul S. (Okta, Inc.) 

         

        I have incorporated a device assurance policy that requires Windows Hello to be enabled as part of the policy rule. Even if I exclude Okta FastPass from the authentication methods in the rule, users were still able to access applications with Push or TOTP as long as they were on a device with Windows Hello enabled. I think this means that users can log in without using Okta FastPass from the login form. I might be misunderstanding something, so if there's any part that I am mistaken about, please let me know.

        Expand Post
This question is closed.
Loading
Could you please confirm that Okta Device Assurance is functioning properly?