How Per Device Remember me API works

I have setup a sign on policy with a rule to prompt for factor, and have Per Device selected, and Remember Device By Default checked.

I see the response coming back after logging in

“policy”: {
“allowRememberDevice”: true,
“rememberDeviceLifetimeInMinutes”: 0,
“rememberDeviceByDefault”: true,
“factorsPolicyInfo”: {}

But how do I utilize this feature, so that the MFA question is not required when logging in from the same device?
I do not see anything on the object to post back when I verify the question answer?

Thank you.

I see now that I must pass the devicetoken during the authentication process like below…
“username”: “someuser”,
“password”: “********”,
“Context”: {
“deviceToken”: “LcXgMJAvofqXc+njrIIzf6Kc4TIs6wmo”

and then add /verify?rememberDevice=true to the MFA authentication URL, but I still am getting MFA_REQUIRED when logging back in again passing the same devicetoken.

I also have the Per Device selected in my Sign On policy Rule.

Am I missing a step?

context should be lower case

Authenticate with devise token



“username”: “{{username}}”,
“password”: “{{password}}”,
“options”: {
“multiOptionalFactorEnroll”: false,
“warnBeforePasswordExpired”: true
} ,
“context”: {
“deviceToken”: “26q43Ak9Eh04p7H6Nnx0m69JqYOrfVBY”

Then you need to verify : {{url}}/api/v1/authn/factors/{{factorId}}/verify?rememberDevice=true

“stateToken”: “{{stateToken}}”,
“passCode”: “389340”

Next time you login with same device token should get session token and not "MFA_REQURED . If you implementing this with own application you need to create cookie with device id. Ithas to be secured cookies.
Okta drops device cookie “DT” in browser . If you clear your cache then you will be ask again. You need to implement this flow in login process to validate DT and every time user login