Pinterest has enforced the use of managed and compliant devices in our Okta authentication flow, using a passwordless implementation, so that access to our tools always requires a healthy Pinterest device.
Following the phishing-based attacks against our peers in the tech industry, Pinterest decided to take a two-pronged approach to defend against similar attacks. We decided to:
- Require that a managed and healthy Pinterest device be used to access all Pinterest resources, even when the user is in possession of valid credentials
- Require FIDO2 credentials for user authentication
In this post, we’ll be focusing on how we required the use of Pinterest managed devices in our Okta authentication flow.