Configure device trust for iOS and Android devices in the Okta Admin console. Device trust settings work together with the Okta identity provider routing rules to redirect authentication requests from target applications on iOS and Android devices to Workspace ONE.

Important: Do not deselect the Device Trust setting on the Security > Device Trust page in the Okta Admin console if you have also configured an app sign on policy in the Applications > app > Sign On Policy page that allows trusted devices. Otherwise, your Device Trust configuration will be in an inconsistent state. To deactivate Device Trust for your org, first remove any app sign on policies that contain a Device Trust setting, then deselect Device Trust on the Security > Device Trust page.


  1. In the Okta Admin Console, navigate to Security > Device Trust.
  2. Click Edit in the iOS Device Trust or Android Device Trust section, as applicable.
  3. Select Enable iOS Device Trust or Enable Android Device Trust, as applicable.
  4. For Trust is established by, select VMware.
  5. For Integration type, select SAML-based (Workspace ONE UEM + VIDM).
    For example:
    configuring iOS Device Trust
  6. Click Next.
  7. For Device Identity provider, select the identity provider you created in Okta for Workspace ONE Access.
  8. (Optional) In the Mobile device management provider text box, accept the default Workspace ONE value or modify it if necessary.
    Your entry identifies the MDM provider to end users during device enrollment.
  9. In the Enrollment link text box, enter a web address where end users with unmanaged devices will be redirected. For example, you may want to send these users to a page with enrollment instructions, or to the Workspace ONE enrollment page.
    For example:
    configuring iOS Device Trust
  10. Click Save.

What to do next

Configure App Sign-on Policy Rules in Okta