Revoke a user's certificate from the Okta Certificate Authority
Revoke a user's Device Trust certificate(s) from the Okta Certificate Authority if their computer is lost or stolen, or if their account is deactivated. If you have revoked a user's Device Trust certificate and you want to secure their computer again, you'll need to remove the revoked certificate from their computer before enrolling a new certificate.
Managed Windows computers
- In the Admin Console, go to .
- Click a user name in the Person & Username column.
- Click More Actions and select Revoke Trust Certificate.
- Click Revoke Trust Certificate.
-
To remove the Device Trust certificate:
- Single computer: Use a third-party management tool such as Certificate Manager Tool (Certmgr.exe) to remove the certificate issued by the Okta MTLS Certificate Authority.
- Multiple computers: Use a third-party management tool such as GPO or SCCM to remove the certificate issued by the Okta MTLS Certificate Authority.
Jamf Pro managed macOS devices
- In the Admin Console, go to .
- Click a user name in the Person & Username column.
- Click More Actions and select Revoke Trust Certificate.
- Click Revoke Trust Certificate.
- To remove the Device Trust certificate:
- Command line: Open a terminal on the target computer and issue the command python <fileName>.py uninstall where <fileName> is the name of Okta Device Registration Task. For example, if the name of the Okta Registration Task is MacOktaDeviceRegistrationTaskSetup.1.0.2.py, you would issue this command:
python MacOktaDeviceRegistrationTaskSetup.1.0.2.py uninstall
If you reuse a script, remove the Org Token. The token is not necessary for the uninstall operation.
- Uninstall script: Create an uninstall script in Jamf Pro configured to pass the uninstall parameter. See Adding a Script to Jamf Pro.
- Command line: Open a terminal on the target computer and issue the command python <fileName>.py uninstall where <fileName> is the name of Okta Device Registration Task. For example, if the name of the Okta Registration Task is MacOktaDeviceRegistrationTaskSetup.1.0.2.py, you would issue this command: