Okta Secure Partner Access Solution

Description: In this document we will give a high-level overview of the Secure Partner Access (SPA) solution in Okta. We will also go over the setup of Realms and the Partner Admin Portal. Prerequisite: Workforce Identity Cloud customers with minimum Okta Identity Engine (OIE). For B2B customers managing partners with Realms, a SPA license is …

Just in Time Account Creation for macOS with Jamf Pro

April 2025: Additional app identifier required for the associated domain entry on macOS 15 Sequoia. Introduction to Just-in-Time Local Account Creation on macOS with Okta; Requirements for Implementing Just-in-Time Local Account Creation with Okta on macOS; Enable JIT provisioning in the Admin Console; Add custom attributes to Platform SSO app; Set up Device Access SCEP certificates; Configure Okta as a CA for Device Access; Create …

Factor Sequencing on OIE: Authentication Method Chains

When OIE was released, it championed assurance levels rather than specific authenticators. This provided a better experience for the majority of users and administrators. This ease of use came at the cost of being able to easily specify particular factors or factor orders, which some customers required, typically for compliance or regulatory reasons. Many of …

Okta Breached Password Detection

Okta recently made its Breached Password Detection functionality generally available. This functionality is enabled by default. If your user's credentials appear in a list, Okta notifies you by recording the security.breached_credential.detected event in the System Log. By default, Okta expires the user's credentials and requires the user to reset their password the next time they attempt to …

Active Directory Bidirectional Group Management

Description: This document describes how to set up Access Requests and Certification for AD-sourced groups imported into Okta. Prerequisites: IGA license to manage AD groups in Okta. Active Directory integrated with Okta and proper service account permissions to manage groups in AD. Refer to “Group Push” permissions in this document: https://help.okta.com/en-us/content/topics/directory/ad-agent-about-service-account.htm All the user's managerID …

Okta Device Access macOS TOTP account link

Introduction; Prerequisites; Create / Adjust MDM Profiles; Workspace ONE UEM Profile; Jamf PRO Profile; Kandji Profile; Microsoft Intune Profile; Demo. Introduction: In Desktop MFA for macOS, admins can now choose between Okta Verify push notification and Okta Verify Time-based One-Time Password as the user verification method used to link an Okta account to the local macOS account. In this blog I will show you …

All You Need To Know About Okta and Google Workspace Integration

This post illustrates how to integrate Okta and Google Workspace, the integration options, how to migrate users or stage the migration, the authentication flows, and inbound federation. The post includes videos to illustrate how the integration works. The implementation was done on a small scale and in testing environments. Any production application should be …

Okta Radius Agent and Authentication Protocols (AAA)

Overview; Understanding the concept of AAA; Authentication; Authorization; Accounting; RADIUS; EAP Authentication; Network Access Key Components (Dot1x); EAP Types; Native EAP Types; Tunneled EAP Types; Okta Radius Agent Network Access Use case; Okta Radius agent and Application setup; Download and install the agent; Linux Installation steps; Windows Installation steps; Radius Application in Okta; In the Sign-On Options, configure the port and …

Okta Device Access with Kandji a step-by-step guide

October 2024: The Okta application name changed from "Desktop Password Sync" to "Platform Single Sign-On for macOS". April 2025: Additional app identifier required for the associated domain entry on macOS 15 Sequoia (mobileconfig template was updated). Introduction; Requirements; Okta Desktop MFA Configuration; Okta Password Sync (Platform-SSO) configuration; Prepare your Kandji environment; Enroll your macOS into Kandji; Create the profile for Desktop MFA; Deploy Okta Verify App …