The Okta Device Trust feature simplifies the administration of conditional access policies for iOS and Android devices in the Workspace ONE-Okta integration. Device trust and access policies for apps need to be configured only in the Okta Admin console.
When iOS or Android device trust is configured in Okta, users on iOS or Android devices are redirected to Workspace ONE Access for authentication using the Mobile SSO (iOS) or Mobile SSO (Android) authentication method. Workspace ONE Access returns device posture information to Okta in the SAML response.
The access policies you configure in Okta then determine whether the device must be trusted to access the application. If the device is untrusted, a device enrollment page is displayed.
Configuring device trust for iOS and Android devices includes the following tasks:
- Configure Okta identity provider routing rules for iOS and Android devices.
- Enable Device Trust settings in Okta.
- Configure app sign-on policy rules in Okta.
- Configure the default access policy in Workspace ONE Access.
Make sure that you follow the preliminary procedures listed for the Device Trust use case in Main Use Cases before proceeding with the tasks in this section. The Device Trust use case requires end-to-end setup, covering all the procedures in this document.