Christina.J (Customer Support Online Community and Social Care) asked a question.
Our next Ask Me Anything (AMA) on September 29, 2025, will focus on Okta Device Assurance, a capability that enforces security requirements by ensuring that only trusted, compliant devices can access company resources.
In today’s security landscape, compromised or non-compliant endpoints are among the most common causes of breaches and data loss. Device Assurance helps organizations by enforcing consistent security standards across devices—whether managed or unmanaged—while keeping the sign-in experience frictionless.
Whether you’re looking for insights on deploying, managing, or scaling Device Assurance, now is the time to ask our product expert.
How can I participate?
Submit your questions by clicking the ‘Answer’ button below anytime between now and Friday, September 26. Then join us in this thread on Monday, September 29, from 9 to 11 a.m. PST as an Okta product expert will post detailed, written responses.
Need ideas on what to ask?
- How to roll out Device Assurance for Android, ChromeOS, iOS, macOS, or Windows
- How does Device Assurance fit into a Zero Trust strategy
- Using Device Assurance to restrict access to trusted devices
- What's on the roadmap and how can feedback help shape it
- Real-world use cases and the value other customers have seen
These are just a few examples. We welcome your unique use cases, challenges, or curiosity, no matter how big or small.
Want to learn more about this AMA session? Check out this blog post ---> https://support.okta.com/help/s/blog/a67KZ00000002DOYAY/september-29-ask-me-anything-okta-device-assurance
We want to hear your questions. Drop them in now and get expert insight!
@Christina.J (Customer Support Online Community and Social Care) thanks for sharing
Do I need to use Okta Verify for Device Assurance?
You can use Okta Verify as one of the device attribute providers for Device Assurance policies, but it is not the only option.
When creating a Device Assurance policy, you must select the device attribute providers. You can choose Okta Verify, Chrome Device Trust, or both as posture providers. If you select both, signals from Okta Verify take priority over Chrome Device Trust. The device assurance policy conditions are platform-specific and depend on the provider(s) selected.
For more details, see the official documentation on Add a device assurance policy and Device assurance overview.
Do Device Assurance policies allow the prevention of Okta Verify being installed on jailbroken devices?
No, Device Assurance policies do not prevent the installation of Okta Verify on jailbroken devices.
Device Assurance policies evaluate device security attributes during authentication to allow or deny access based on compliance with configured conditions. One of the conditions you can configure is Rooting or Jailbreak detection, which denies access if the device is jailbroken or rooted. However, these policies do not control or block the installation of the Okta Verify app itself.
For more information, see the official Okta documentation on Device assurance remediation messages and Add a device assurance policy.
How can I inform users that their device is not compliant?
You can inform users that their device is not compliant by configuring remediation instructions that appear in the Sign-In Widget when access is denied due to noncompliance with a device assurance policy.
What Users Will See?
Learn more:
Do I need to use FastPass for Device Assurance?
No, Okta FastPass is not required to use Device Assurance policies.
Device Assurance policies work by evaluating device security attributes during authentication, such as OS version, disk encryption, and jailbreak/root status. These policies rely on device attribute providers like Okta Verify and/or Chrome Device Trust to collect device posture signals.
Okta FastPass is a separate feature that provides a passwordless, phishing-resistant sign-in experience on devices where Okta Verify is installed and enrolled. While Okta FastPass requires Okta Verify to be installed and enrolled on the device, Device Assurance policies do not mandate the use of Okta FastPass. You can create and enforce Device Assurance policies without enabling or using Okta FastPass.
To use Device Assurance with Okta Verify as the provider, users must have at least one Okta Verify enrollment to report device health signals. Okta FastPass enhances the authentication experience but is optional for device posture evaluation. Device assurance policies are applied by including them in authentication policy rules; they are not dependent on FastPass. You can use Okta Verify alone, Chrome Device Trust alone, or both as device attribute providers for device assurance.
For more information, see the official Okta documentation on Device assurance overview and Configure Okta FastPass.
In the past, I read that only devices managed with vmware Aria or Microsoft SCCM/InTune were eligible... did something change, or is planned to change? we use Meraki MDM for IOS devices, jamf for Macs and plain domain GPO for windows devices...