Skip to content

User identification policy guide#6235

Open
brentschaus-okta wants to merge 12 commits into
masterfrom
tbs-okta-1193878-user-identification-policy-guide
Open

User identification policy guide#6235
brentschaus-okta wants to merge 12 commits into
masterfrom
tbs-okta-1193878-user-identification-policy-guide

Conversation

@brentschaus-okta

@brentschaus-okta brentschaus-okta commented Jun 15, 2026

Copy link
Copy Markdown
Contributor

Description:

  • What's changed?
    Adds a new guide, Configure a user identification policy, covering how to use the Policies API to manage user identification policies (USER_IDENTIFICATION type). The guide explains that the policy maps one-to-one to an app sign-in policy, is auto-managed alongside it (no direct create/map/clone/delete), and that you manage only its rules. It walks through finding the policy, reviewing the default rule, and creating/updating a rule to show or hide the Sign in with Okta FastPass button via showSignInWithOV (ALWAYS/NEVER), including platform/network conditions and the FastPass prerequisite.

    Changes:

    • New guide: docs/guides/user-identification-policies/ (index.md + main/index.md)
    • New sequence diagram asset: img/user-identification-policies/uip-evaluation-sequence.svg, embedded in the About section
    • Registers the guide in the guides overview (docs/guides/index.md)
    • Adds a User identification policies subsection to docs/concepts/policies/index.md
    • Updates the policy simulation guide to include user identification policies in its supported types list; adds a cross-reference section to the user identification policy guide; clarifies that rules can be created and updated but not deleted

    Review-round updates:

    • Renamed all references to the button from "Sign in with Okta Verify" to "Sign in with Okta FastPass" throughout the guide, the concepts page, and the sequence diagram
    • Removed the "ASOP" acronym — OIE calls this a sign-in policy, not a sign-on policy
    • Clarified that developers can't create identity policies directly; to get multiple identity policies, create multiple sign-in policies (each auto-creates a default identity policy) and assign apps to each
    • Added a note explaining why the showSignInWithOV field name still references "OV": it matches the existing Authenticators API naming convention and wasn't renamed for the FastPass rebrand (per Arsalan)
    • Added a note on the ALWAYS prerequisite (Okta Verify configured + FastPass enabled) and the resulting error message
    • Added a System Log query link near the top of the guide
    • Added a Next steps section with links to related guides and concepts
  • Is this PR related to a Monolith release?
    Yes — 2026.08.0. The feature is behind the USER_IDENTIFICATION_POLICY feature flag (EA). API spec: okta-oas3#3413 (OKTA-1177885).

Resolves:

Netlify Preview Link:

Netlify preview

@okta-prod-github-app

This comment was marked as outdated.

@brentschaus-okta brentschaus-okta added docs release Tagged to be released during scheduled docs release Work In Progress labels Jun 15, 2026
@okta-prod-github-app

This comment was marked as outdated.

- Add activate/update to unsupported direct operations
- Lowercase 'user identification policy' in prose and error string
- Update Okta FastPass not-enabled error message
- Remove deprecated settings.showSignInWithOV override note (no longer allowed)
- Add mappings link to list policies response example
- Add ACCESS_POLICY response example with userIdentificationPolicy link
- Diagram step 7: specify Okta FastPass enabled
@okta-prod-github-app

This comment was marked as outdated.

Add deactivate lifecycle link and _embedded.resourceType per Arsalan's
real org response. UIP example already matched.
@okta-prod-github-app

This comment was marked as outdated.

…ntry

Two back-to-back object literals broke the eval in build-overview-pages.js
(Unexpected token '{'), failing the site build.
@okta-prod-github-app

This comment was marked as outdated.

brentschaus-okta and others added 5 commits June 24, 2026 10:20
- Add 'Test your policy with policy simulation' section to the user
  identification policy guide (per Arsalan's feedback that simulation
  now includes this policy type)
- Clarify that rules can be created and updated but not deleted
- Add user identification policies to the supported types list in the
  policy simulation guide

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
Corrected per Arsalan's feedback: only the default rule can't be
deactivated or removed; non-default rules can be created, updated,
and deleted.

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
…equence diagram

Per Arsalan's feedback, the global gate (OV configured + FastPass enabled)
is now shown as an explicit call/response to the Okta Verify authenticator
rather than a self-loop footnote. Also updates the image alt text.

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
…next steps

- Rename "Sign in with Okta Verify" button to "Sign in with Okta FastPass"
  throughout guide, concepts page, and SVG diagram (button name change)
- Remove ASOP acronym from SVG participant box subtitle
- Clarify developers manage rules only; add multi-policy pattern guidance
- Add System Log query link to guide intro
- Add HTML comment flagging showSignInWithOV field name as potentially
  unstable before GA
- Add Next steps section with links to related guides

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
Remove speculative TODO comment about the field name possibly changing
before GA. Per API team (Arsalan), showSignInWithOV matches an existing
Authenticators API naming convention and was intentionally kept as-is.
Add a reader-facing note explaining why the field still says "OV" even
though the button is now branded as Okta FastPass.

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
@okta-prod-github-app

This comment was marked as outdated.

@okta okta deleted a comment from okta-prod-github-app Bot Jul 1, 2026
@okta okta deleted a comment from okta-prod-github-app Bot Jul 1, 2026
@okta okta deleted a comment from okta-prod-github-app Bot Jul 1, 2026
@okta okta deleted a comment from okta-prod-github-app Bot Jul 1, 2026

Copy link
Copy Markdown
Contributor Author

@arsalanbadar-okta @andreeajurj-okta @grahamsmith-okta — re: the > **Notes:** block added in user-identification-policies/main/index.md lines 55-58.

Arsalan clarified that showSignInWithOV kept its existing name from the Authenticators API rather than being updated for the FastPass rebrand, so I added a note explaining why the field still says "OV." Curious what you all think — does this read clearly, and is there anything to add or correct?

Match the repo-wide bold-link-colon convention instead of an em dash.
@okta-prod-github-app

Copy link
Copy Markdown

Acrolinx score

A minimum Acrolinx Score of 80 is required. The total score is an average of the subscores.
Select Total score to review the Acrolinx scorecard for your article. Try to increase your individual scores, for example: Correctness. Your content will be clearer and more consistent.

Article Total score
Required:80
Word and phrases
(Brand, terms)
Preferred: 80
Correctness
(Spelling, grammar)
Preferred: 80
Clarity
(Readability)
Preferred: 80
Inclusive language
(+ accesibility)
Preferred: 80
packages/@okta/vuepress-site/docs/concepts/policies/index.md 86 81 86 65
packages/@okta/vuepress-site/docs/guides/index.md 87 67 80 78
packages/@okta/vuepress-site/docs/guides/policy-simulation/main/index.md 84 79 79 88
packages/@okta/vuepress-site/docs/guides/user-identification-policies/index.md 100 100 100 100
packages/@okta/vuepress-site/docs/guides/user-identification-policies/main/index.md 81 100 58 39

Successfully checked 5 of 5 documents.
See summary in Content Analysis Dashboard

Reopen the pull request or push new changes to check again.

Depending on the Acrolinx server configuration, the
links expire after some time and you must have a login for the
Acrolinx server to access them again.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

docs release Tagged to be released during scheduled docs release Work In Progress

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant