January 2025: This is an Early Access release IntroductionRequirementsActivating FIDO2 Support for the Desktop MFASet up the FIDO2 (WebAuthn) authenticatorSetting Up FIDO2 Security KeysUser registers YubiKey using the Okta End-User DashboardRegister a YubiKey on behalf of user in the Admin ConsoleAuthentication use casesAuthentication User verification "Disabled"Demo – Desktop MFA FIDO2 YubiKeyAuthentication User Verification “enabled”Demo – Desktop MFA FIDO2 YubiKeyReset a … Continue reading Okta Device Access – FIDO2 security keys for Windows
Author: Arkadiusz Krowczynski (Arki)
Okta Device Access Out-of-the-box enrollment with Jamf Pro
April 2025: Additional app identifier required for the associated domain entry on macOS 15 Sequoia IntroductionRequirementsOktaApple Business Manager (ABM) AccountJamf Pro MDM ConfigurationDemosSecure macOS onboarding and Platform SSO enrollmentJust-in-Time (JIT) local account creation and Desktop MFA enrollmentConfigure Single-Sign-OnOkta ConfigurationJamf Pro ConfigurationConfigure Okta LDAP with Jamf ProOkta ConfigurationJamf Pro LDAP configurationOkta Device Access configurationSet up Device Access SCEP … Continue reading Okta Device Access Out-of-the-box enrollment with Jamf Pro
Enhancing Security with Okta Identity Threat Protection and Omnissa
IntroductionPrerequisitesOktaOmnissaOmnissa configurationConfigure Security Events in OmnissaWorkspace ONE UEM Compliance policiesOkta Identity Threat Protection ConfigurationConfigure the shared signal receiverEntity Risk PolicyPolicy Structure and EvaluationActions Based on Matching RulesAdd an entity risk policy rule for Universal LogoutAdd an entity risk policy rule to run a WorkflowDemosITP Universal Logout - Omnissa Workspace ONE enrolled DeviceObservability & InsightsReview logs … Continue reading Enhancing Security with Okta Identity Threat Protection and Omnissa
Okta Device Access with mosyle a step-by-step guide
April 2025: Additional app identifier required for the associated domain entry on macOS 15 Sequoia (mobileconfig template was updated) Introduction In this blog post, I’ll guide you through the process of configuring Okta Device Access Desktop MFA and Platform SSO for macOS devices managed with mosyle MDM. We’ll begin by setting up the required configurations within Okta, … Continue reading Okta Device Access with mosyle a step-by-step guide
Okta Devices Access – Just in Time Account Creation for macOS with Microsoft Intune
April 2025: Additional app identifier required for the associated domain entry on macOS 15 Sequoia Introduction to Just-in-Time Local Account Creation on macOS with Okta Just-in-Time (JIT) local account creation is a powerful feature that enables users to create a local account on a macOS device directly from the login window, using their Okta credentials. By … Continue reading Okta Devices Access – Just in Time Account Creation for macOS with Microsoft Intune
Just in Time Account Creation for macOS with Jamf Pro
April 2025: Additional app identifier required for the associated domain entry on macOS 15 Sequoia Introduction to Just-in-Time Local Account Creation on macOS with OktaRequirements for Implementing Just-in-Time Local Account Creation with Okta on macOSEnable JIT provisioning in the Admin ConsoleAdd custom attributes to Platform SSO appSet up Device Access SCEP certificatesConfigure Okta as a CA for Device AccessCreate … Continue reading Just in Time Account Creation for macOS with Jamf Pro
Okta Device Access – Allowed Factors on macOS
IntroductionPrerequisitesConfigure Allowed Factors MDM policyOmnissa Workspace ONE UEMJamf ProKandjiMicrosoft IntuneDemo Introduction Admins can now control which verification methods users are permitted to authenticate with by configuring a new registry value called AllowedFactors. This provides greater flexibility in managing authentication options within the system. Prerequisites Okta Device Access Desktop MFA configured in your environment Okta Verify … Continue reading Okta Device Access – Allowed Factors on macOS
Desktop MFA Recovery for macOS
August 2024: This is an Early Access Feature IntroductionPrerequisitesEnable Device RecoveryConfigure Device RecoveryOmnissa Workspace ONE UEMJamf ProKandjiMicrosoft IntuneRequest a Device Recovery PINDemo Request a Device Recovery PINCreate Device Recovery PINDemo Create Device Recovery PINDemo Desktop MFA Admin RecoveryConclusion Introduction In today's security-focused environment, Multi-Factor Authentication (MFA) is crucial for protecting user accounts and data. However, … Continue reading Desktop MFA Recovery for macOS
Desktop Password Sync meets Platform SSO 2.0 and Microsoft Intune
April 2025: Additional app identifier required for the associated domain entry on macOS 15 Sequoia IntroductionPrerequisitesSet up Device Access SCEP certificatesConfigure Okta as a CA with delegated SCEP challenge for Microsoft IntuneRegister the AAD app credentials for Okta in Microsoft EntraSet the Intune scep_challenge_provider permissionsSet the Microsoft Graph Application.Read.All permissionsGenerate a SCEP URL in OktaDownload the x509 certificate from OktaCreate … Continue reading Desktop Password Sync meets Platform SSO 2.0 and Microsoft Intune
Okta Device Access macOS TOTP account link
IntroductionPrerequisitesCreate / Adjust MDM ProfilesWorkspace ONE UEM ProfileJamf PRO ProfileKandji ProfileMicrosoft Intune ProfileDemo Introduction In Desktop MFA for macOS, admins can now choose between Okta Verify push notification and Okta Verify Time-based One-Time Password as the user verification method used to link an Okta account to the local macOS account.In this blog I will show you … Continue reading Okta Device Access macOS TOTP account link
IAMSE