From f81c6d11cc2544126c3ebc283a5ec54902fc10a6 Mon Sep 17 00:00:00 2001
From: Ram Gandhi <88446695+ramgandhi-okta@users.noreply.github.com>
Date: Wed, 20 Mar 2024 13:00:21 -0400
Subject: [PATCH] Added a note about mandatory `Device State = Any` policy
 setting

SSO Token exchange step with 400 error since device registration is not detected during this step
---
 README.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/README.md b/README.md
index bc4a964..81d6d8f 100644
--- a/README.md
+++ b/README.md
@@ -621,6 +621,7 @@ have equivalent policies if not share the same policy. If the AWS Federation
 app has more stringent assurance requirements than the OIDC app a `400 Bad
 Request` API error is likely to occur.
 
+Note: In authentication policy rule of AWS Federation app, **Device State** must be set to **Any** for using Okta AWS CLI. Other options are not supported at this time.
 
 ## Operation