π Okta Kolide Upgrade
π€ What's happening?
Most people are now using a new Okta login flow that allows for passwordless sign in using Okta FastPass and Kolide.
If you've been sent here, you're likely in the group of people who are yet to move over to this new way of signing in.
Before we turn off the old password and Kolide sign in method, we want to make sure you'll still be able to sign in afterwards using the new Okta FastPass and Kolide method π€
β What do I need to do?
When you're ready, head to this page. You'll be able to test the new log in flow on your device, and if needed, upgrade your experience by setting up Okta Verify and FastPass.
If you already have Okta Verify set up on this device, you should be able to login, the test will succeed and you'll be removed from the old policy. No more nagging from us π
If you don't have Okta Verify set up on this device yet, one of two things will happen while you're logging in...
Okta prompts you to set it up, which will look like this...
In this case, just follow the instructions from Okta to set up Okta Verify on your device. You'll be asked to verify with your password and Kolide one more time.
Okta doesn't prompt you to set it up, which will look like this...
This may be because you already have Okta Verify set up on another device. Take a look at this guide to see how to set up Okta Verify on your device by using one of your other devices.
If you get stuck at any point or can't set up Okta Verify, just reach out to TechOps in #techops-help or email us at techops-help@octopus.energy.
Once you're done setting up Okta Verify on your device, come back to the test page and try again.
βΉοΈ More details please!
So if you want to get a little more technical, here's what's changing...
Kolide has improved the way it integrates with Okta. Previously, Kolide (and your registered device) used to be considered an authentication factor. This came with a number of problems...
- Since Okta requires at least two types of factors to sign in, and Kolide and Okta Verify were considered the same "type", we had to require your password and then Kolide. We couldn't allow for passwordless sign in using Okta FastPass and biometrics.
- Because your device was a factor, whenever you needed to register a new device with Kolide, you needed to approve it from another trusted device. This process is a bit cumbersome when you don't have your other trusted device with you.
Now, Kolide isn't considered as an authentication factor, but instead just an additional check during the log in flow. This means we can now use Okta Verify with FastPass to allow for passwordless sign ins again, and since your device isn't a "trusted" factor, we won't need you to approve your registrations anymore.
We can only turn off the requirement to approve new Kolide device registrations once everyone has switched to this new integration. That's why it's important that we get you moved over, so everyone can benefit from this change.