ZeroTek

Part of the <a href="https://intercom.help/zerotek/en/articles/14173671-okta-fastpass-setup-guide" rel="nofollow noopener noreferrer" target="_blank">Okta FastPass Setup Guide</a>.

This procedure assumes you have completed the steps to Activate Okta FastPass as an eligible verification option.

To allow passwordless access to apps, this procedure adds two rules to the authentication policy that governs the Okta Dashboard app:

A rule that allows users who meet FastPass requirements to authenticate

A catch-all deny rule that blocks access to anyone who doesn't

- A rule that allows users who meet FastPass requirements to authenticate
- A catch-all deny rule that blocks access to anyone who doesn't

For most Okta orgs set up according to ZeroTek best practices, this means modifying the Any two factors policy.

Deep Link or login to the target Okta Admin Console, then navigate to Security &gt; Authentication Policies.

Verify that the Any two factors policy governs the Okta Dashboard app.

1. Deep Link or login to the target Okta Admin Console, then navigate to Security &gt; Authentication Policies.
2. Verify that the Any two factors policy governs the Okta Dashboard app.

Click the Any two factors policy, then click Add rule.

Name the rule Auth - FastPass - Allow.

For AND User's group membership includes, select At least one of the following groups, then type the name of the group you are configuring for Okta FastPass. In most cases this will be Policy - All Staff.

- AND Device state is: Registered
- AND Device management is: Not managed

- THEN Access is: Allowed after successful authentication
- AND User must authenticate with: Any 2 factor types
- AND Possession factor constraints are: Require user interaction (see Note below)
- AND Authentication methods: Allow any method that can be used to meet the requirement

In the Prompt for authentication area, select When an Okta global session doesn't exist, then click Save.

1. Click the Any two factors policy, then click Add rule.
2. Name the rule Auth - FastPass - Allow.
3. For AND User's group membership includes, select At least one of the following groups, then type the name of the group you are configuring for Okta FastPass. In most cases this will be Policy - All Staff.
4. Configure the following device settings:
 - AND Device state is: Registered
 - AND Device management is: Not managed
5. Configure the following access settings:
 - THEN Access is: Allowed after successful authentication
 - AND User must authenticate with: Any 2 factor types
 - AND Possession factor constraints are: Require user interaction (see Note below)
 - AND Authentication methods: Allow any method that can be used to meet the requirement
6. In the Prompt for authentication area, select When an Okta global session doesn't exist, then click Save.

Selecting Require user interaction for possession factor constraints means users authenticating with Okta FastPass must approve an Okta Verify prompt.

In the Then access is area, click Denied, then click Save.

1. Click Add rule.
2. Name the rule Catch All - Deny.
3. In the Then access is area, click Denied, then click Save.

Make sure the rules in the Any two factors policy are in the following order:

1. Auth - FastPass - Allow
2. Catch All - Deny
3. Catch All Rule

1. Make sure the rules in the Any two factors policy are in the following order:
 1. Auth - FastPass - Allow
 2. Catch All - Deny
 3. Catch All Rule

In the Verification options area, make sure Okta FastPass (All platforms) is selected.

In the Okta FastPass area, select Show the "Sign in with Okta FastPass".

In the Enrollment options area, leave the default Any method.

In the Device passcode or biometric user verification area, beside Enrollment, click Required.

For Number challenge for Okta Verify push, click Never, then click Save.

1. In the Verification options area, make sure Okta FastPass (All platforms) is selected.
2. In the Okta FastPass area, select Show the "Sign in with Okta FastPass".
3. In the Enrollment options area, leave the default Any method.
4. In the Device passcode or biometric user verification area, beside Enrollment, click Required.
5. For Number challenge for Okta Verify push, click Never, then click Save.

As part of the <a href="https://intercom.help/zerotek/en/articles/14173671-okta-fastpass-setup-guide" rel="nofollow noopener noreferrer" target="_blank">Okta FastPass Setup Guide</a>, you should now <a href="#">Make sure Okta Verify is installed and configured as required</a>.

If you are working in a sandbox environment, you can test your setup now: install Okta Verify on a Windows or macOS device, add a user account from the configured group, and attempt to authenticate with Okta FastPass. If successful, you are ready to repeat the FastPass configuration in your production environment. See the full testing guidance in the <a href="#">Okta FastPass Setup guide</a>.

___________________________________________________________

Need help? Contact ZeroTek Support at <a href="mailto:support@zerotek.com" rel="nofollow noopener noreferrer" target="_blank">support@zerotek.com</a>.

Modify the "Any two factors" authentication policy to support Okta FastPass

Create a custom design with text, images, and links

Missing Articles?

Contact Support

Contact Sales

Privacy & Security

Find answers and get help from Intercom Support and Community Experts

Conversations you've started through the messenger will appear here.

No conversations created by you

Try using different keywords or checking for typos.

No conversations found

Title

This site employs cookies and other technologies that we and our third party vendors use to monitor and record personal information about you and your interactions with the site (including content viewed, cursor movements, screen recordings, and chat contents) for the purposes described in our Cookie Policy. By continuing to visit our site, you agree to our {websiteTermsLink}, {privacyPolicyLink} and {cookiePolicyLink}.

This site uses cookies and similar technologies ("cookies") as strictly necessary for site operation. We and our partners also would like to set additional cookies to enable site performance analytics, functionality, advertising and social media features. See our {cookiePolicyLink} for details. You can change your cookie preferences in our Cookie Settings.

We use cookies to make our site work and also for analytics and advertising purposes. You can enable or disable optional cookies as desired. See our {cookiePolicyLink} for more details.

Advertising cookies are set by our advertising partners to collect information about your use of the site, our communications, and other online services over time and with different browsers and devices. They use this information to show you ads online that they think will interest you and measure the ads' performance. Social media cookies are set by social media platforms to enable you to share content on those platforms, and are capable of tracking information about your activity across other online services for use as described in their privacy policies.

These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.

These cookies are necessary for the website to function and cannot be switched off in our systems.

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site.

You have the right to opt out of the sale of your personal information. See our {cookiePolicyLink} for more details about how we use your data.

Your Privacy Choices

We use cookies to enhance your experience. You can customize your cookie preferences below. See our {cookiePolicyLink} for more details.

Cookie Settings

Empty Help Center

Uh oh. That page doesn’t exist.

Home

Search results

Disappointed

Neutral

Smiley

Thinking...

Searching through sources...

Analyzing...

Tickets submitted through the messenger or by a support agent in your conversation will appear here.

Modify the "Any two factors" authentication policy to support Okta FastPass

Steps

Verify the correct policy

Create a FastPass allow rule

Create a catch-all deny rule

Confirm rule order