<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D5KZ00000rs02F0AQOkta Classic EngineIntegrationsAnswered2025-05-23T17:40:14.000Z2025-05-23T15:22:40.000Z2025-05-23T17:40:14.000Z

TheofilosT.72069 (Showpad) asked a question.

May 23, 2025 at 3:22 PM
Okta - Kandji Integration for Okta Verify - Managed Device

We have had Passwordless authentication enabled for over a year, and I would like to improve our Authentication Policies to include checks for managed devices.

We are using Kandji and the Okta Verify app from the App Store to deploy Okta Verify to all macOS devices.

  1. If I enable Okta Device Trust, will anything break for existing devices that are already registered?
  2. Do I need to manually reset or remove the app on all devices for the changes to apply?

The Kandji article mentions that for previously registered devices with a management status of "Not managed", the device record needs to be deleted from Okta Universal Directory and the user must sign out of Okta Verify before re-registering the device.

  1. Does this mean that we need to ask users to both remove their Okta Verify account and also delete the device record from Okta? Or is one of those steps enough?
  2. This process seems disruptive. Is there a better way to transition to Okta Device Trust without asking users to manually re-register?

 

 

/help/servlet/rtaImage?refid=0EMKZ000000d3pg

  • 2 answers
  • 202 views

  • Mihai N. (Okta, Inc.)

    Hi @TheofilosT.72069 (Showpad)​ , Thank you for reaching out to the Okta Community! 

     

    I would recommend to open a case to work with the Support team to review your current configuration, but to provide a preliminary answer to your questions: 

    • If I enable Okta Device Trust, will anything break for existing devices that are already registered?

    >Generally, no, it shouldn't break access immediately for devices already registered with Okta Verify.

     

    • Do I need to manually reset or remove the app on all devices for the changes to apply?

    >This is the most reliable path to ensure the device is correctly recognized as "managed" by Okta's Device Trust.

     

    • Does this mean that we need to ask users to both remove their Okta Verify account and also delete the device record from Okta? Or is one of those steps enough?
    • This process seems disruptive. Is there a better way to transition to Okta Device Trust without asking users to manually re-register?

    >Answering these as one: - you might be able to leverage Kandji to push configuration, potentially reducing the need for manual re-registration in some cases depending on the users current condition.

     

    If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you. 

     

    Hope my answer helps! 

     

    --

    Help others in the community by liking or hitting Select as Best if this response helped you.

    Collect them all. Learn a new skill and earn a new Okta Learning badge.

    Expand Post
This question is closed.
Loading
Okta - Kandji Integration for Okta Verify - Managed Device