OKTA Tips : Activate Device Trust

Oct 1, 2021 3 min read
OKTA Tips : Activate Device Trust


In the past few years, employees are increasingly mobile and, with the COVID pandemic, teleworking has exploded all over the world and more precisely in France.
Indeed, for the latter, our administrations and hierarchies were quite resistant to teleworking because it was often related to Human Resources problems, or simply to the visibility of employees work and by extension productivity.
In France, working remotely was synonymous with "lax" work, with employees working "when they wanted without necessarily doing the legal working hours they must do".

Basic Assumptions

With this in mind, and thus allowing employees to work with any terminal, whether professional or personal, the notion of "Device Trust" was created. What this notion consists of:

  • Identify risky devices and enforce contextual access policies across managed and unmanaged devices.
  • Give access to ressources asked by users but with all security concerns.
  • Helps you enforce your enterprise's compliance or security policies by defining a minimum set of requirements for devices like for example to have an antivirus up-to-date for Windows before accessing ressources.

What does OKTA offer ?

OKTA, leader in identity, has very well understood these new challenges and has decided to explore this new concept that is device trust. Thus, with OKTA, it is possible to create the Device Trust for the following devices:

  • iOS
  • Android
  • Windows
  • macOS

To achieve this, OKTA can therefore rely on the major EMM solutions of the market such as MS Intune, VMware Workspace One (Android and iOS) or JAMF (macOS) and for the Windows case, OKTA manages it directly with these own tools.

How to configure Device Trust

In this example, to apply device trust for mobile iOS/Android with VMware Workspace One UEM, follow the steps below in:

  • In your OKTA Admin Console, create, configure and assign Workspace One App to your users.
  • Go now to the VMware Access console, setup the metadata for OKTA Application in the Settings of the App Catalog and OKTA as Application Sources
  • Back on the OKTA console, activate the "device Trust" options in Security Tab and fill out the EMM URL to enroll device if needed
  • Once finished, last thing is to configure the Routing Rules in Identity Providers menu, and Sign On Policies for each applications concerned by your access control on OKTA Console.


With OKTA, we can already implement security policies of Device Trust, in a near future with the new update, you will be able to go further in securing devices with Okta FastPass. This feature will give the possibility of differentiating whether a terminal is enrolled and managed or not directly during authentication with Okta or when a user try to connect to an application.

Find out more about Okta's support for terminals here.

Great! Next, complete checkout for full access to Mobinergy Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Mobinergy Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.