Passwordless certificates

Passwordless Certificates are assigned to one or more Active Directory (AD) connections and allow users to connect to discovered servers without needing to enter a password. Users must still sign in to their Okta account before connecting to a server.

Certificates are stored on the Passwordless Certificates tab on the Team Settings page. From here, teams can create self-signed certificates or upload an existing signed certificate from their local device. After creating a certificate, admins can review the status and expiration date of each certificate.

When teams create a new AD connection, Advanced Server Access can automatically create and assign a self-signed certificate. Teams can also manually assign a certificate to existing AD connections.

Passwordless certificates are currently incompatable with the Okta Credential Provider for Windows.