Device Fingerprinting

Hi Everyone!

I’m raising a question to understand a bit more about device fingerprinting in Okta. What details about the device would Okta essentially store? We are keen to understand the strength of the device check. How difficult is it to break this mechanism?

Responses appreciated!

Thanks,
Ranjini

Hi there,

Here is some information with regard to security: https://developer.okta.com/docs/reference/api/authn/#primary-authentication-with-activation-token

Okta seems to store:

  • fingerprint
  • account being authenticated
  • IP address
  • location
  • whether the authentication was successful

You should see the above information (apart from fingerprint) in your logs when a user is verified. (It should display the MFA factor/how or what the user authenticated against).

This is a very difficult mechanic to break unless the ‘device’ you give your fingerprint/Okta access to is not verified by you or Okta.
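
As an added example (not part of the replies above, and not Okta's own code), the fields the answer lists can be pulled out of sign-in log events and used to flag a successful sign-in from an IP address or country not previously seen for that account. Field names follow the Okta System Log event format; the sample events and the function names `summarize` and `new_context_logins` are constructed for illustration.

```python
import json

# Constructed sample events shaped like Okta System Log entries (all values made up).
# The device fingerprint does not appear here, matching the answer above.
SAMPLE_EVENTS = json.loads("""[
 {"published": "2024-01-10T09:00:00.000Z", "actor": {"alternateId": "alice@example.com"}, "client": {"ipAddress": "198.51.100.10", "geographicalContext": {"country": "United Kingdom"}}, "outcome": {"result": "SUCCESS"}},
 {"published": "2024-01-10T09:05:00.000Z", "actor": {"alternateId": "alice@example.com"}, "client": {"ipAddress": "203.0.113.7", "geographicalContext": {"country": "Brazil"}}, "outcome": {"result": "FAILURE"}},
 {"published": "2024-01-11T09:00:00.000Z", "actor": {"alternateId": "alice@example.com"}, "client": {"ipAddress": "198.51.100.10", "geographicalContext": {"country": "United Kingdom"}}, "outcome": {"result": "SUCCESS"}},
 {"published": "2024-01-12T03:00:00.000Z", "actor": {"alternateId": "alice@example.com"}, "client": {"ipAddress": "203.0.113.7", "geographicalContext": {"country": "Brazil"}}, "outcome": {"result": "SUCCESS"}},
 {"published": "2024-01-12T08:00:00.000Z", "actor": {"alternateId": "bob@example.com"}, "client": {"ipAddress": "192.0.2.44", "geographicalContext": {"country": "Germany"}}, "outcome": {"result": "SUCCESS"}},
 {"published": "2024-01-13T08:00:00.000Z", "actor": {"alternateId": "bob@example.com"}, "client": {"ipAddress": "192.0.2.45", "geographicalContext": null}, "outcome": {"result": "SUCCESS"}}
]""")

def summarize(event):
    """Extract account, IP address, location and result from one log event."""
    client = event.get("client") or {}
    geo = client.get("geographicalContext") or {}  # may be null in the log
    return {
        "account": (event.get("actor") or {}).get("alternateId"),
        "ip": client.get("ipAddress"),
        "country": geo.get("country"),
        "success": (event.get("outcome") or {}).get("result") == "SUCCESS",
    }

def new_context_logins(events):
    """Return successful sign-ins whose IP or country is new for that account."""
    seen, flagged = {}, []
    for ev in sorted(events, key=lambda e: e["published"]):
        s = summarize(ev)
        if not s["success"] or s["account"] is None:
            continue  # failed attempts never extend the account's baseline
        known = seen.setdefault(s["account"], {"ip": set(), "country": set()})
        # The first sign-in only sets the baseline; missing values are not flagged.
        reasons = [k for k in ("ip", "country")
                   if s[k] is not None and known[k] and s[k] not in known[k]]
        if reasons:
            flagged.append({**s, "published": ev["published"], "new": reasons})
        for k in ("ip", "country"):
            if s[k] is not None:
                known[k].add(s[k])
    return flagged

if __name__ == "__main__":
    for hit in new_context_logins(SAMPLE_EVENTS):
        print(hit)
```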