Fortifying the Zero Trust Framework with Okta Advanced Posture Checks for macOS

May 2025: This is an Early Access release Introduction In today's increasingly complex and perilous digital landscape, the concept of Zero Trust has evolved from a security buzzword to a fundamental architectural principle. Organizations are no longer able to implicitly trust any user or device, regardless of their location or network. This paradigm shift demands … Continue reading Fortifying the Zero Trust Framework with Okta Advanced Posture Checks for macOS →

“Enhancing Zero Trust with Okta Identity Threat Protection and Jamf Security: Continuous Access Evaluation Through Shared Security Signals”

IntroductionPrerequisites: Setting the Foundation for Okta Identity Threat Protection and Jamf Security Cloud IntegrationOkta RequirementsJamf Security Cloud RequirementsAdditional ConsiderationsDemosDemo - Jamf Trust Activation with OktaDemo - Identity Threat Protection with Jamf and Universal Logout - macOSDemo - Identity Threat Protection with Jamf and Universal Logout - Mobile devicesAuthorizing Jamf Trust in Your Okta OrganizationCreate a Jamf SSO … Continue reading “Enhancing Zero Trust with Okta Identity Threat Protection and Jamf Security: Continuous Access Evaluation Through Shared Security Signals” →

Implementing an Offline Password Vault with Okta Privileged Access and KeePassXC

Okta Privileged Access is a SaaS offering. Currently it does not have an offline mode for local storage of break glass credentials. But you can extend it to do so, and that's the subject of this article. We look at a simple mechanism to export secrets from a folder and push them into a local … Continue reading Implementing an Offline Password Vault with Okta Privileged Access and KeePassXC →

Mastering Okta Device Access: A Comprehensive Guide to Deploying Desktop MFA with Microsoft Intune

RequirementsOkta RequirementsMicrosoft Intune RequirementsOkta Desktop MFA ConfigurationOkta Verify DeploymentConvert Okta Verify into .intunewin PackageDeploy the Okta Verify .intunewin Package in Microsoft IntuneConfiguring Registry Settings for Okta Device Access in Microsoft Intune via a PowerShell ScriptConfigure and deploy Okta Device Access access policiesOkta Device Access - Windows DemosPasswordless LoginOffline login to Windows - Device Access CodeSelf-Service … Continue reading Mastering Okta Device Access: A Comprehensive Guide to Deploying Desktop MFA with Microsoft Intune →

Okta Device Access Allowed Factors on Windows

January 2025: This is an Early Access release IntroductionPrerequisitesConfigure Allowed Factors policyDemo Introduction We now have the capability to define which authentication methods users are allowed to utilize by setting a new registry value called AllowedFactors on Windows devices. This enhancement provides greater control and customization over authentication policies, allowing organizations to fine-tune security measures … Continue reading Okta Device Access Allowed Factors on Windows →

Okta Device Access – FIDO2 security keys for Windows

January 2025: This is an Early Access release IntroductionRequirementsActivating FIDO2 Support for the Desktop MFASet up the FIDO2 (WebAuthn) authenticatorSetting Up FIDO2 Security KeysUser registers YubiKey using the Okta End-User DashboardRegister a YubiKey on behalf of user in the Admin ConsoleAuthentication use casesAuthentication User verification "Disabled"Demo – Desktop MFA FIDO2 YubiKeyAuthentication User Verification “enabled”Demo – Desktop MFA FIDO2 YubiKeyReset a … Continue reading Okta Device Access – FIDO2 security keys for Windows →

Okta Device Access Out-of-the-box enrollment with Jamf Pro

April 2025: Additional app identifier required for the associated domain entry on macOS 15 Sequoia IntroductionRequirementsOktaApple Business Manager (ABM) AccountJamf Pro MDM ConfigurationDemosSecure macOS onboarding and Platform SSO enrollmentJust-in-Time (JIT) local account creation and Desktop MFA enrollmentConfigure Single-Sign-OnOkta ConfigurationJamf Pro ConfigurationConfigure Okta LDAP with Jamf ProOkta ConfigurationJamf Pro LDAP configurationOkta Device Access configurationSet up Device Access SCEP … Continue reading Okta Device Access Out-of-the-box enrollment with Jamf Pro →

Enhancing Security with Okta Identity Threat Protection and Omnissa

IntroductionPrerequisitesOktaOmnissaOmnissa configurationConfigure Security Events in OmnissaWorkspace ONE UEM Compliance policiesOkta Identity Threat Protection ConfigurationConfigure the shared signal receiverEntity Risk PolicyPolicy Structure and EvaluationActions Based on Matching RulesAdd an entity risk policy rule for Universal LogoutAdd an entity risk policy rule to run a WorkflowDemosITP Universal Logout - Omnissa Workspace ONE enrolled DeviceObservability & InsightsReview logs … Continue reading Enhancing Security with Okta Identity Threat Protection and Omnissa →

Okta Device Access with mosyle a step-by-step guide

April 2025: Additional app identifier required for the associated domain entry on macOS 15 Sequoia (mobileconfig template was updated) Introduction In this blog post, I’ll guide you through the process of configuring Okta Device Access Desktop MFA and Platform SSO for macOS devices managed with mosyle MDM. We’ll begin by setting up the required configurations within Okta, … Continue reading Okta Device Access with mosyle a step-by-step guide →

Using Ansible to Manage the Server Agent in Okta Privileged Access

This article looks at how Ansible could be used to manage the server agent ('sftd') on a fleet of Linux servers. The article assumes there's an Ansible deployment configured and the controller can connect to and run playbooks on managed servers. IntroductionAnsible Set upSecurityOther Set upAnsible Automation ExamplesCheck Status and Start sftd ProcessCheck sftd VersionsUpdate … Continue reading Using Ansible to Manage the Server Agent in Okta Privileged Access →