XFA Connect can be used as a possession factor through the idp-factor functionality in Okta. This allows XFA to be seamlessly added to any application from within the Okta admin dashboard, given that it uses Okta as the identity provider.
When a user authenticates with Okta, as an additional factor after supplying a username & password, the user is redirected to XFA to verify that the device is compliant with the device security policy before authenticating the user. This assures that only devices that comply with the security policy are allowed access.