Authentication policy custom expression


Our org SE sent us to support, who sent us here since the dev tenants have no formal support apparently. Please let us know if anyone can help with the following issue:

While testing in a dev tenant, we’re attempting to use a custom expression to limit app access via match browser userAgent header (using "request.userAgent.contains… syntax as documented on Custom Clients in Office 365 Sign On Policy | Okta). Every attempt to save the policy fails (The rule contains an EL condition … that is not supported by this policy.

Any suggestions what might be a fix? We are using proper syntax as in the documentation, just replacing WinWord with our own string value.


From my own tests, I’ve only seen filtering based on UserAgent to work on the special policy that is created for O365, no other policies appear to support access the userAgent in the custom expression.

I’m not sure if Dev orgs have access to this, but for anyone that stumbles across this, there is a feature enhancement request for exactly this on our Okta Ideas site: Idea #171506

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.