Configuring Okta FastPass is typically straightforward for Okta orgs if the baseline configuration was completed according to the NEW ORG SETUP guide and you have followed ZeroTek's MSP best practices for organizing Okta groups.
β
However, if the Okta org you are working with has more complex or non-standard configurations, the following discovery questions can help support the planning process and a successful outcome. Similarly, if you decide to engage with ZeroTek Support for assistance with Okta FastPass, you can expect to be asked some or all of the following questions.
When is a user allowed this experience based on device context? Should it be all devices? Registered devices only? Managed devices only?
What requirements must a login event meet to allow this flow?
What kind of devices are predominant in the environment? Do all of these have native biometric access? Would you like to make sure that biometric flows are used every time?
What are the authentication requirements for each app? You should understand Okta assurance levels and how they apply to authenticator types.
What other factors are allowed in Okta?
Does the organization use on premises Active Directory?
Are there any legacy systems in the environment that may still require passwords, such as on-premises AD-joined machines, Entra-joined machines, devices with TecMFA set up, and RADIUS integrations? (The method to configure Okta FastPass provided below will not affect access to systems that continue to require passwords.)
Do you allow users to bring their own devices?
Do you want a different user experience depending on the device platform (for example, iOS, or Windows)?
Do you want users to be logged in silently without user interaction?
Do you want your app policies to apply to users from specific network zones
SEE ALSO
β