Skip to main content

Okta FastPass Setup guide

Go fully passwordless with Okta FastPass, supported by ZeroTek's field-tested MSP best practices.

When ZeroTek says "go passwordless," we simply mean end users authenticate to Okta and their apps without ever entering a password. Okta FastPass is the best way to deliver this low friction, high security experience to your clients.

If you have followed ZeroTek's New Org Setup guide, your clients' Okta orgs are already configured for high security and a near-passwordless experience — Okta Verify is required for all human users, MFA is enforced, and the right groups and policies are in place. Okta FastPass builds on that foundation to deliver fully passwordless authentication. It is also a prerequisite for configuring Okta Device Trust.

FastPass is straightforward to configure and impressive once it's live — but the org needs to be ready for it. Before you start, make sure the org has been stable and operating as expected for some time, with no known configuration issues outstanding.

WARNING

DO NOT remove passwords as described in this Okta article.

Before you begin

  1. Confirm MSP best practices are in place – ZeroTek's FastPass configuration assumes the org's baseline was completed according to the New Org Setup guide. Specifically:

    1. The groups and policies recommended in the New Org Setup guide exist.

    2. Okta Verify is a required authenticator for all human user accounts.

    3. If either of these is not in place, contact [email protected] before proceeding.

  2. Test in a sandbox environment – Configure and validate FastPass in a sandbox org before touching production. The sandbox must mirror key configurations in the production org. Do not skip this step if there is any uncertainty about the org's readiness.

  3. Plan carefully – If the org has complex or non-standard configurations, or if you are considering engaging ZeroTek Professional Services, review these discovery questions before you begin.

IMPORTANT

If any users will be using Google Chrome for Okta FastPass, it is important to educate users about a one-time prompt they will receive, and how to respond to it. Okta also offers an Early Access feature that helps improve the user experience of the prompt, which is best activated before you go live (in sandbox or live environments). Full details: Okta notification: Securing browser environments with Chrome managed profiles.

1️⃣ Identify the group and configure the global session policy

  1. Identify the user group to configure for Okta FastPass. In most cases this will be the Policy - All Staff group created during New Org Setup. If you do not have this group or an equivalent, contact [email protected] before proceeding.

  2. Configure the global session policy for the user group that will use Okta FastPass.

2️⃣ Configure authentication mechanics

  1. Activate Okta FastPass as an eligible verification option.

  2. Modify the "Any two factors" authentication policy to support Okta FastPass.

  3. Make sure Okta Verify is installed and configured as required to support a seamless authentication experience.

3️⃣ Test the end user experience

  1. Test your setup. Use an account from the configured group to sign in to Okta using Okta FastPass. If authentication is successful, repeat the configuration in your production environment and go live.

  2. (Optional) Configure additional settings for the end user experience:

Need help? Contact ZeroTek Support at [email protected].

Related Articles
Okta Device Trust Setup guide
Configure the global session policy for Okta FastPass
Activate Okta FastPass as an eligible verification option
Modify the "Any two factors" authentication policy to support Okta FastPass
Deploy the Okta Verify app – Okta FastPass
Did this answer your question?