Okta Device Access

This page is for articles relating to the Okta Device Access (ODA) product.

Okta Device Access Overview

Okta Device Access (ODA) is a set of capabilities that use devices to increase security with Okta. It is currently focussed on Windows devices (such as laptops, desktops, VMs and servers) and macOS devices.

The following figure shows the major components and integrations with the wider Okta Workforce Identity Cloud platform and external systems.

The solution leverages Okta Verify on Microsoft Windows workstations and Apple macOS workstations to implement capabilities such as desktop MFA, password sync and self-service password reset. Both macOS and Windows workstations use Okta Verify and local configuration (which may be deployed by an external device management product) to implement these capabilities. Okta Verify works with Okta and with Okta Verify on mobile devices to implement the different use cases.

As of the start of Feb 2025, the following capabilities are available (some in Early Access):

  • Okta Device Access for Windows
    • Desktop MFA for Windows
    • Also:
      • Desktop passwordless login
      • Self-service password reset
      • FIDO2 support for MFA
  • Okta Device Access for macOS
    • Desktop Password Sync for macOS
    • Desktop MFA for macOS
    • Also:
      • Just-in-time local account creation
      • Desktop MFA recovery flow
      • FIDO2 support for MFA

You should check the Okta product documentation for the current list of features.

The Okta Device Access articles on this site are listed below.


Okta Device Access Posts

The following articles are specific to Okta Device Access.

Farewell, Complexity: Platform SSO Simplified Setup on macOS 26 Powered by Okta and Jamf

Introduction The introduction of Platform Single Sign-On (SSO) by Apple was a major step, but with macOS 26 (Tahoe), the game has fundamentally changed. Apple introduced Simplified Setup for Platform SSO, fundamentally redefining the user experience. By leveraging this new framework, organizations using Okta for identity and Jamf Pro for device management can finally achieve…

Unifying Your Corporate PKI with Okta Device Access

Introduction While Okta can act as a Certificate Authority (CA), many enterprises prefer to leverage their existing Public Key Infrastructure (PKI), namely Microsoft Active Directory Certificate Services (ADCS). This technical guide provides a step-by-step approach to using your own ADCS CA with Okta Device Access. We’ll delve into the process of creating a custom certificate…

Streamlining Windows Admin Recovery with Okta Device Access and Intune Integration

August 2025: This is an Early Access release Introduction In today’s interconnected enterprise landscape, robust identity and access management (IAM) is no longer a luxury but a fundamental pillar of cybersecurity. As organizations increasingly adopt cloud-first strategies and embrace a distributed workforce, securing endpoints, particularly Windows devices, becomes paramount. Okta Device Access significantly extends Okta’s…

Device Logout for macOS

August 2025: This is an Early Access release Introduction In today’s fast-paced enterprise environment, ensuring the security of user sessions across devices is more critical than ever. With employees accessing corporate resources from multiple macOS devices—laptops, desktops, and shared workstations—organizations face increasing risks from unauthorized access, session hijacking, and compromised credentials. The Okta Device Logout…

Okta Device Access: FIDO2 Passwordless Windows Login

July 2025: This is an Early Access Release Introduction This technical blog post offers an exploration of Okta Device Access Desktop MFA with FIDO2 Passwordless for Windows, a transformative solution designed to fundamentally redefine the Windows login experience. We’ll dissect the technical intricacies of its implementation, delineate the critical requirements for seamless integration, and illuminate…

Smarter Access Control: A Deep Dive into Okta Authentication Policies and Related Elements

Authentication policies in Okta provide a flexible and powerful way to control how users access applications and services. By defining specific conditions—such as user group membership, device trust level, location, or network—administrators can enforce tailored authentication requirements like multifactor authentication (MFA) or passwordless sign-ins. These policies help organizations enhance security, meet compliance standards, and improve…

Mastering Okta Device Access: A Comprehensive Guide to Deploying Desktop MFA with Microsoft Intune

Requirements This blog post will serve as a comprehensive guide to deploying and configuring Okta Device Access (ODA) Desktop MFA for Windows using Microsoft Intune. Below are the key requirements to ensure a successful implementation. Okta Requirements Microsoft Intune Requirements Okta Desktop MFA Configuration In the Admin Console, go to Settings, Account, Embedded widget sign-in support. And ensure…

Okta Device Access Allowed Factors on Windows

January 2025: This is an Early Access release Introduction We now have the capability to define which authentication methods users are allowed to utilize by setting a new registry value called AllowedFactors on Windows devices. This enhancement provides greater control and customization over authentication policies, allowing organizations to fine-tune security measures and align them with…

Okta Device Access – FIDO2 security keys for Windows

January 2025: This is an Early Access release Introduction When integrating Okta Device Access with FIDO2 security keys for Windows environments, the process enables robust multi-factor authentication (MFA) for user devices, enhancing overall security. By leveraging FIDO2 security keys such as YubiKeys, organizations can streamline authentication and ensure users are protected against credential-based attacks. The…
