Secure Access from Unmanaged Devices with Okta Device Assurance

In the aftermath of the pandemic, the world’s dependency on digital identity has grown exponentially. With identity as the foundation for all things security, it is important to understand what digital identity means. Digital identity is composed of two entities: users and their devices. Digital transformation and the rapid adoption of smartphones has empowered users to interact with business systems and conduct transactions from their personal devices. Smartphones have become the de-facto choice, as they offer immense flexibility to the end user and enhance business productivity. This development has led enterprises to introduce BYOD (bring your own device) policies in their workplace. 

However, this flexibility brings its own set of security challenges. When a business implements BYOD policies without security checks, it opens itself to compromised intellectual property, data leaks, and harm to reputation among customers and employees. This can seriously impact the bottom line. To mitigate the risks of this open threat vector, security admins demand enhanced verification of the devices interacting with their organization’s digital infrastructure and data assets. 

Okta’s Device Trust allows enterprises to ensure devices are managed by an endpoint management tool—before end users can access apps from their devices. But, users were apprehensive about heavy security management tools/apps being deployed on their personal devices. It exposed their data to overt monitoring and instilled a fear of non-consensual remote wiping. With its recently released device assurance capability, Okta aims to strike a fine balance between privacy, security, and end-user experience. 

Device assurance, when combined with authentication policy rules, amplifies the security posture needed for restricted access. It enables IT admins to allow or deny access to applications based on device signals. Additionally, it secures access from contractors’ and partners’ unmanaged devices by introducing basic device checks in real time to protect critical corporate data. The feature verifies security of the device based on signals like OS version, PIN Code, disk encryption, and jailbreak/root detection. It is part of the Okta Verify app, which takes away the need to deploy heavy device management tools and sets the minimum security checks to prevent any compromise.

Furthermore, users can now check the security health of their devices by opening the Device Health page in Okta Verify. If all checks pass, your device is secure. If you find warnings, follow the instructions to fix the issues. In the image below, the user has to update the iOS version to include a specific security patch to resolve the highlighted issue. 

mtVL2l7UQvZRqhDpzw32UVeEKr uamTetDNfsDv7vAPq uIFFLDZcXmE5RoU Ts0PHRnU1DzaF6RZVGks3BZQrJymuIDajfKguFg8aXkSNuEHF5Z655Xu07qn0Pr8FrupZ8DTyJEPu N ElcZ8flmt uDlY56jL1Be6dKfQj0mXv7aZ3aheZiew  A

Validating unmanaged devices for a passwordless future

Passwordless authentication is an important pillar of the organization’s zero trust infrastructure. The reasons are simple–passwords are the most compromised form factor, deter employee productivity, and have a massive management cost associated with them. With device assurance combined with FastPass, users can achieve secure, frictionless access on unmanaged devices. To learn more about Okta’s always-on, passwordless solution, check out FastPass

To understand more about how this feature works, check out this video on device assurance.