The Okta Device Trust feature simplifies the administration of conditional access policies for iOS and Android devices in the Workspace ONE-Okta integration. Device trust and access policies for apps need to be configured only in the Okta Admin console.

When iOS or Android device trust is configured in Okta, users on iOS or Android devices are redirected to Workspace ONE Access for authentication using the Mobile SSO (iOS) or Mobile SSO (Android) authentication method. Workspace ONE Access returns device posture information to Okta in the SAML response.

The access policies you configure in Okta then determine whether the device must be trusted in order to access the application. If the device is untrusted, a device enrollment page is displayed.

Configuring device trust for iOS and Android devices includes the following tasks.

  1. Configure Okta identity provider routing rules for iOS and Android devices.
  2. Enable Device Trust settings in Okta.
  3. Configure app sign-on policy rules in Okta.
  4. Configure the default access policy in Workspace ONE Access.

Make sure that you follow the preliminary procedures listed for the Device Trust use case in Main Use Cases before proceeding with the tasks in this section. The Device Trust use case requires end-to-end setup, covering all the procedures in this document.

Important: Do not add the Device Compliance (with AirWatch) authentication method to policy rules in Workspace ONE Access for apps that are configured with Device Trust in Okta. The Device Compliance authentication method is not compatible with apps using Okta Device Trust.

Important: Verify that the Device SSO Response, Enable Force Authn Request, and Enable Authentication Failure Notification properties in the Okta application source configuration in Workspace ONE Access are set to Yes. These properties are required for the device trust solution for iOS and Android devices. See Configure Okta Application Source in Workspace ONE Access for information.

Note: This section applies to iOS and Android devices only. To configure device trust and access policies for desktop devices, see Configure Device Trust and Access Policies for Desktop Devices.