Introducing the AI Agent for Okta This is a technical deep dive for the AI agent for Okta (created by Fctr) which is a powerful, open-source tool that lets IAM engineers, managers, and auditors query their Okta tenants using plain English. Get ready to streamline workflows, save countless hours spent scripting to create the necessary … Continue reading Okta AI agent for Natural Language Querying
Category: Access Management
Okta Device Access Allowed Factors on Windows
January 2025: This is an Early Access release IntroductionPrerequisitesConfigure Allowed Factors policyDemo Introduction We now have the capability to define which authentication methods users are allowed to utilize by setting a new registry value called AllowedFactors on Windows devices. This enhancement provides greater control and customization over authentication policies, allowing organizations to fine-tune security measures … Continue reading Okta Device Access Allowed Factors on Windows
Okta Device Access – FIDO2 security keys for Windows
January 2025: This is an Early Access release IntroductionRequirementsActivating FIDO2 Support for the Desktop MFASet up the FIDO2 (WebAuthn) authenticatorSetting Up FIDO2 Security KeysUser registers YubiKey using the Okta End-User DashboardRegister a YubiKey on behalf of user in the Admin ConsoleAuthentication use casesAuthentication User verification "Disabled"Demo – Desktop MFA FIDO2 YubiKeyAuthentication User Verification “enabled”Demo – Desktop MFA FIDO2 YubiKeyReset a … Continue reading Okta Device Access – FIDO2 security keys for Windows
Okta Device Access Out-of-the-box enrollment with Jamf Pro
April 2025: Additional app identifier required for the associated domain entry on macOS 15 Sequoia IntroductionRequirementsOktaApple Business Manager (ABM) AccountJamf Pro MDM ConfigurationDemosSecure macOS onboarding and Platform SSO enrollmentJust-in-Time (JIT) local account creation and Desktop MFA enrollmentConfigure Single-Sign-OnOkta ConfigurationJamf Pro ConfigurationConfigure Okta LDAP with Jamf ProOkta ConfigurationJamf Pro LDAP configurationOkta Device Access configurationSet up Device Access SCEP … Continue reading Okta Device Access Out-of-the-box enrollment with Jamf Pro
Okta Device Access with mosyle a step-by-step guide
April 2025: Additional app identifier required for the associated domain entry on macOS 15 Sequoia (mobileconfig template was updated) Introduction In this blog post, I’ll guide you through the process of configuring Okta Device Access Desktop MFA and Platform SSO for macOS devices managed with mosyle MDM. We’ll begin by setting up the required configurations within Okta, … Continue reading Okta Device Access with mosyle a step-by-step guide
Okta Devices Access – Just in Time Account Creation for macOS with Microsoft Intune
April 2025: Additional app identifier required for the associated domain entry on macOS 15 Sequoia Introduction to Just-in-Time Local Account Creation on macOS with Okta Just-in-Time (JIT) local account creation is a powerful feature that enables users to create a local account on a macOS device directly from the login window, using their Okta credentials. By … Continue reading Okta Devices Access – Just in Time Account Creation for macOS with Microsoft Intune
Just in Time Account Creation for macOS with Jamf Pro
April 2025: Additional app identifier required for the associated domain entry on macOS 15 Sequoia Introduction to Just-in-Time Local Account Creation on macOS with OktaRequirements for Implementing Just-in-Time Local Account Creation with Okta on macOSEnable JIT provisioning in the Admin ConsoleAdd custom attributes to Platform SSO appSet up Device Access SCEP certificatesConfigure Okta as a CA for Device AccessCreate … Continue reading Just in Time Account Creation for macOS with Jamf Pro
Okta Breached Password Detection
Okta recently made its Breached Password Detection Functionality generally available. This functionality is enabled by default. If your user's credentials appear in a list, Okta notifies you by recording the security.breached_credential.detected event in the System Log. By default, Okta expires the user's credentials and requires the user to reset their password the next time they attempt to … Continue reading Okta Breached Password Detection
Okta Device Access – Allowed Factors on macOS
IntroductionPrerequisitesConfigure Allowed Factors MDM policyOmnissa Workspace ONE UEMJamf ProKandjiMicrosoft IntuneDemo Introduction Admins can now control which verification methods users are permitted to authenticate with by configuring a new registry value called AllowedFactors. This provides greater flexibility in managing authentication options within the system. Prerequisites Okta Device Access Desktop MFA configured in your environment Okta Verify … Continue reading Okta Device Access – Allowed Factors on macOS
Desktop MFA Recovery for macOS
August 2024: This is an Early Access Feature IntroductionPrerequisitesEnable Device RecoveryConfigure Device RecoveryOmnissa Workspace ONE UEMJamf ProKandjiMicrosoft IntuneRequest a Device Recovery PINDemo Request a Device Recovery PINCreate Device Recovery PINDemo Create Device Recovery PINDemo Desktop MFA Admin RecoveryConclusion Introduction In today's security-focused environment, Multi-Factor Authentication (MFA) is crucial for protecting user accounts and data. However, … Continue reading Desktop MFA Recovery for macOS
IAMSE