How Okta works with Windows Autopilot

This topic explains what happens on the end user's device when the Okta + Windows Autopilot integration is initiated.

When an activated Okta end user powers on a device that has been registered with Windows Autopilot and connects it to the internet, the following happens during the Windows out-of-box experience (OOBE):

  1. Azure AD recognizes the registered device (by the hardware hash that was uploaded for it) and displays the Welcome page you've customized for your company.

  2. The end user enters their workplace email to initiate the Windows Autopilot process.

  3. Because the email's domain is federated to Okta, Azure AD redirects the end user to your company's Okta sign-in page.

  4. The end user signs in with their Okta credentials. Their Okta username can differ from their workplace email: Okta identifies the user to Azure AD by the Azure AD attributes configured in the Office 365 app, not by the Okta username.

  5. The end user is prompted for MFA, if you have configured it in the sign-on policy of the Office 365 app in Okta.

  6. On success, Okta returns the federated sign-in response to Azure AD, which validates it and completes the Azure AD sign-in.

  7. The Windows Autopilot service then configures the device according to the Autopilot deployment profile you've assigned to it in Azure AD; the device is joined to Azure AD and enrolled in MDM.
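Steps 3, 5, 6 and 7 each depend on a setting on the Azure AD side that is easy to get wrong: the domain must be federated to Okta, Azure AD must trust the MFA Okta performed, Okta's signing certificate must be valid, and the device must be registered with Autopilot and have a profile assigned. The following PowerShell script is an added example written for this page (it is not Okta's or Microsoft's code) that checks those prerequisites with the Microsoft Graph PowerShell SDK. The domain contoso.com, the Okta hostname contoso.okta.com and the serial number are hypothetical values; it assumes the Microsoft.Graph modules are installed and the signed-in admin holds Domain.Read.All and DeviceManagementServiceConfig.Read.All.

```powershell
<#
  Added example, not from the Okta page: verify the Azure AD side of the
  Okta + Windows Autopilot sign-in flow before shipping devices.
  Hypothetical values: contoso.com (federated domain), contoso.okta.com (Okta org).
#>
param(
    [string]$Domain = 'contoso.com',          # assumed federated domain
    [string]$OktaHost = 'contoso.okta.com',   # assumed Okta org hostname
    [string]$SerialNumber                     # optional: one device to look up
)

Import-Module Microsoft.Graph.Identity.DirectoryManagement
Connect-MgGraph -Scopes 'Domain.Read.All','DeviceManagementServiceConfig.Read.All'

# Step 3 only happens if the domain is federated and its endpoints point at Okta.
$dom = Get-MgDomain -DomainId $Domain
if ($dom.AuthenticationType -ne 'Federated') {
    throw "$Domain is '$($dom.AuthenticationType)'; Azure AD will not redirect sign-ins to Okta."
}

$fed = Get-MgDomainFederationConfiguration -DomainId $Domain
foreach ($uri in @($fed.IssuerUri, $fed.PassiveSignInUri, $fed.SignOutUri)) {
    if ($uri -notmatch [regex]::Escape($OktaHost)) {
        Write-Warning "Federation endpoint does not reference ${OktaHost}: $uri"
    }
}

# Step 5: Okta enforces MFA, but Azure AD only treats the session as MFA-satisfied
# if it is configured to accept the federated IdP's MFA claim.
$mfaOk = @('acceptIfMfaDoneByFederatedIdp', 'enforceMfaByFederatedIdp')
if ($fed.FederatedIdpMfaBehavior -notin $mfaOk) {
    Write-Warning "federatedIdpMfaBehavior is '$($fed.FederatedIdpMfaBehavior)'; Azure AD may ignore or reject the MFA Okta performed."
}

# Step 6: Azure AD validates Okta's response against the registered signing
# certificate; an expired certificate breaks every federated sign-in.
$certBytes = [Convert]::FromBase64String($fed.SigningCertificate)
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($certBytes)
$daysLeft = ($cert.NotAfter - (Get-Date)).Days
if ($daysLeft -lt 30) {
    Write-Warning "Okta signing certificate $($cert.Thumbprint) expires in $daysLeft days ($($cert.NotAfter))."
}

[pscustomobject]@{
    Domain           = $Domain
    Protocol         = $fed.PreferredAuthenticationProtocol
    IssuerUri        = $fed.IssuerUri
    PassiveSignInUri = $fed.PassiveSignInUri
    MfaBehavior      = $fed.FederatedIdpMfaBehavior
    CertExpires      = $cert.NotAfter
}

# Step 7 needs the device's hardware hash registered with Autopilot and a
# deployment profile assigned; check that for one serial number if given.
if ($SerialNumber) {
    Import-Module Microsoft.Graph.DeviceManagement.Enrolment
    $dev = Get-MgDeviceManagementWindowsAutopilotDeviceIdentity -Filter "contains(serialNumber,'$SerialNumber')"
    if (-not $dev) {
        throw "Serial $SerialNumber is not registered with Windows Autopilot."
    }
    $dev | Select-Object SerialNumber, GroupTag, DeploymentProfileAssignmentStatus, EnrollmentState
}
```

Run it once per federated domain after changing anything in the Okta Office 365 app (certificate rotation, MFA policy) and again with a serial number before a device is shipped to a user; a warning on the MFA behavior is the one most often missed, because sign-in still succeeds while Azure AD silently applies or skips its own MFA.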

Once the device is successfully set up and enrolled, it can be managed through an MDM service such as Microsoft Intune. For example, you can reset the device through Microsoft Intune.

End-user access to the device is managed through Okta. For example, if you deactivate a user in Okta, their next sign-in to the device fails. Deactivation does not by itself end a session that is already signed in or invalidate tokens Azure AD has already issued, so pair it with session revocation and, where needed, a device action in Intune such as a remote reset.
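The sequence a practitioner actually wants when offboarding such a user, as an added PowerShell example written for this page (not Okta's or Microsoft's code): deactivate the Okta user, clear the user's Okta sessions, and revoke the refresh tokens Azure AD issued to the Azure AD-joined device. The Okta host contoso.okta.com, the Okta login alice, the Azure AD UPN alice@contoso.com and the $env:OKTA_API_TOKEN variable are hypothetical; it assumes an Okta API token with user-management permissions and a Graph session with User.RevokeSessions.All.

```powershell
<#
  Added example, not from the Okta page: offboard a user whose device was set up
  through Okta + Windows Autopilot. Hypothetical values throughout.
#>
param(
    [string]$OktaHost   = 'contoso.okta.com',     # assumed Okta org hostname
    [string]$OktaLogin  = 'alice',                # Okta username (may differ from the email)
    [string]$AzureAdUpn = 'alice@contoso.com'     # workplace email / Azure AD UPN
)

$headers = @{
    Authorization = "SSWS $env:OKTA_API_TOKEN"    # Okta API token, assumed to be set
    Accept        = 'application/json'
}
$users = "https://$OktaHost/api/v1/users"

# Resolve the Okta user by login; the id is needed for the lifecycle calls.
$user = Invoke-RestMethod -Uri "$users/$([uri]::EscapeDataString($OktaLogin))" -Headers $headers
Write-Host "Okta user $($user.profile.login) is currently $($user.status)"

# 1. Deactivate in Okta: from now on step 4 of the sign-in flow fails for this user.
if ($user.status -ne 'DEPROVISIONED') {
    Invoke-RestMethod -Method Post -Uri "$users/$($user.id)/lifecycle/deactivate" -Headers $headers | Out-Null
}

# 2. Clear Okta sessions so an existing Okta session cannot be reused for a new federated sign-in.
Invoke-RestMethod -Method Delete -Uri "$users/$($user.id)/sessions" -Headers $headers | Out-Null

# 3. Azure AD holds its own refresh tokens for the Azure AD-joined device; revoke them,
#    addressing the user by the Azure AD UPN rather than the Okta login.
Import-Module Microsoft.Graph.Users.Actions
Connect-MgGraph -Scopes 'User.RevokeSessions.All'
Revoke-MgUserSignInSession -UserId $AzureAdUpn | Out-Null

# 4. Report the resulting Okta status (DEPROVISIONED once deactivation has applied).
$after = Invoke-RestMethod -Uri "$users/$($user.id)" -Headers $headers
[pscustomobject]@{
    OktaLogin  = $after.profile.login
    OktaStatus = $after.status
    AzureAdUpn = $AzureAdUpn
}
```

Step 3 is the part the Okta-side deactivation does not cover: until the Azure AD refresh tokens are revoked or expire, a device that is already signed in keeps working against Microsoft services. For a lost or compromised device, follow this with the Intune reset or wipe mentioned above.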

Next steps

Supported use-cases for Okta + Windows Autopilot