Passwordless certificates

Passwordless certificates allow users to connect to servers without entering a password. Users must still sign in to their Okta account before connecting to a server. Teams can assign a certificate to one or more Active Directory (AD) connections.

Teams manage certificates from the Passwordless Certificates tab on the Team Settings page. From here, teams can create self-signed certificates or upload an existing signed certificate from their local device. After creating a certificate, admins can review the status and expiration date of each certificate.

When teams create an AD connection, Advanced Server Access can automatically create and assign a self-signed certificate. Teams can also manually assign a certificate to existing AD connections.

Passwordless certificates are currently incompatible with the Okta Credential Provider for Windows.

Tasks

Create a self-signed certificate
Create a certificate with a certificate signing request
Add a certificate to an Active Directory connection
Renew a certificate
Delete a certificate