An introduction to the Okta Identity Engine

An introduction to the Okta Identity Engine

Okta is constantly improving, and like all software products, there are sometimes structural changes required that cannot be just removed or modified without turning the bigger wheel. This is what the Okta Identity Engine is about. Further we will give an introduction to the platform.

Identifying the platform

Okta has revamped the underlaying fundament of the environment to make it fit for new and changed requirements from customers. This change requires customers to recognize which platform they are on; Okta Identity Engine or Okta Classic Engine. It is also shown in the Okta Documentation as different sections:

Different sections for Identity & Classic EngineDifferent sections for Identity and Classic Engine

In this series we’ll look at detail in the bigger differences. Make sure that you have identified the platform you are on by checking the version number in your Okta Admin Dashboard footer. If it has an “E” to the version number you are on the Identity Engine.

OIE Example of a version informationExample of a version information

Okta will never move your tenant to the Identity Engine without notifying you. There will be an informed process of the migration with an aligned timeline and procedure. The migration itself, however, will be without any impact on the user experience or requirement for admin participation.

The key features

Upgrading the platform introduces a few changes as well as new features. A lot of changes happened in details, some of them outside of note of customers, but there are a couple of key features that have been introduced with OIE. We will visit all these in this series in greater detail.

1. FastPass

Okta FastPass is a new way for leveraging Okta Verify to authenticate users quick and securely to Okta. When logging in with a device for the first time, Okta can now use Okta Verify to remember the device and create a secure multi-factor authentication with just one device. Users on a computer, like MacOS or Windows PC, now don’t need their phone with them. They can just use the locally installed Okta Verify to authenticate passwordless by using the device's biometrics and the device context.

Okta FastPassAuthenticate passwordless with Okta FastPass

2. Device Context

Thanks to the added functionality to the authentication process Okta can now hold the device information in addition to the user information. Administrators can now see the users’ devices that they’ve connected from to Okta and adjust the authentication policies depending on the context or suspend or revoke devices from connecting:

Example of a device context page for one userExample of a device context page for one user

3. App-level Policies

Authentication and app-sign in policies have received a major upgrade and are now global session and app-level policies. The main difference is that there are now more options for the administrators to adjust the authentication requirements based on the context from where the user tries to connect, like location, device context, managed/unmanaged device, type of device, etc.

Example of an app-level policy for the sign-on contextExample of an app-level policy for the sign-on context

The added features are configurable on the app-level policies, which makes it easier now to adjust authentication for high or low risk applications. Apps can be assigned to a authentication policy to make management of app-level policies easier.

Authentication policies can hold multiple appsAuthentication policies can hold multiple apps

4. Flexible Account Recovery

Account recovery is still one of the pain points of modern IT administration. It's often complicated and time-consuming for both the users as well as the service management. With flexible account recovery Okta now gives more options to allow users to recover their accounts independently from manual administrator interaction, while maintaining the highest levels of security. Administrators are able to control the options given to the users to reset their factors.

Options for self-service account recoveryOptions for self-service account recovery


The Okta Identity Engine provides a ton of changes to the well-established Okta platform. The examples provided are what we feel are the most important ones for both new and existing customers. In the following series we'll look further into them.

For more information go to Okta's landing page for Identity Engine and the Okta Identity Engine documentation.