Manage endpoint security integration plugins for Windows

Endpoint security integration plugins extend the functionality of the Okta endpoint security integration feature by enabling Okta Verify to collect trust signals from the Windows device it’s running on.

You can use Microsoft Endpoint Manager (MEM) to configure the plugins on your Windows device (for example, by using PowerShell scripts). On Windows devices, the plugins are located here: %PROGRAMDATA%\Okta\OktaVerify\Plugins. This allows you to specify which device signals to collect. Currently, you can run these scripts to install and uninstall the plugins on a device-by-device basis.

Before you begin

  • Set up endpoint security integrations
  • See Get started with endpoint security integrations.

  • Enable Okta FastPass
  • See Enable Okta FastPass.

  • Verify that Windows devices are registered with Okta

    See Device registration.

  • Verify that the client versions are supported:
    • Windows Okta Verify 3.0 or later
    • Okta recommends the latest version.

    • CrowdStrike Falcon Agent 6.14 or later
  • Windows Security Center is not supported on Windows servers.

Install the WSC endpoint security integration plugin

By default, the Windows Security Center (WSC) plugin is installed automatically when Okta Verify is installed. If you need to reinstall the plugin later for any reason, uninstall the current version, and then use this script.

Copy
$content = "{`r`n`t`"name`": `"com.okta.windowsSecurityCenter`",`r`n`t`"description`": `"Okta provided integration collecting signals through the Windows Security Center APIs.`",`r`n`t`"type`": `"DEFAULT`",`r`n`t`"format`": `"JSON`",`r`n`t`"availabilityChecks`": [`r`n`t`t{`r`n`t`t`t`"type`": `"SERVICE_RUNNING`",`r`n`t`t`t`"value`": `"wscsvc`"`r`n`t`t}`r`n`t]`r`n}"
$path = $env:ProgramData + "\Okta\OktaVerify\Plugins\"
$filePath = $path + "com.okta.windowsSecurityCenter.json"
if (-not (Test-Path $path))
{
New-Item $path -ItemType Directory
}
$content | Out-File -FilePath $filePath

The PowerShell script configures the following JSON plugin file:

Copy
{
  "name": "com.okta.windowsSecurityCenter",
  "description": "Okta provided integration collecting signals through the Windows Security Center APIs.",
  "type": "DEFAULT",
  "format": "JSON",
  "availabilityChecks": [
    {
      "type": "SERVICE_RUNNING",
      "value": "wscsvc"
    }
  ]
}

Install the CrowdStrike endpoint security integration plugin

The CrowdStrike plugin is not installed automatically when Okta Verify is installed. Based on your installation scenario, uninstall the current version if one exists, and then choose the appropriate installation procedure:

  • Deploying Okta Verify to end user Windows devices
  • In this case, you don't use the PowerShell script. Instead, use the command line provided by your management tool (GPO, MDM software) to include the EnableZTAPlugin flag in the installation command.

    See Install Okta Verify on Windows devices for installation options.

  • All other scenarios
  • Use the PowerShell script. These scenarios may include:

    • Okta Verify was installed by the end user and not by the admin through your management tool.
    • You want to enable or disable functionality after Okta Verify is already installed on the device.
    • Copy
      $content = "{`r`n`t`"name`": `"com.crowdstrike.zta`",`r`n`t`"description`": `"Okta provided integration with CrowdStrike Falcon endpoint collecting the zta score.`",`r`n`t`"type`": `"FILE`",`r`n`t`"format`": `"JWT`",`r`n`t`"location`": `"%ProgramData%\\CrowdStrike\\ZeroTrustAssessment\\data.zta`",`r`n`t`"availabilityChecks`": [`r`n`t`t{`r`n`t`t`t`"type`": `"SERVICE_RUNNING`",`r`n`t`t`t`"value`": `"csagent`"`r`n`t`t}`r`n`t]`r`n}"
      $path = $env:ProgramData + "\Okta\OktaVerify\Plugins\"
      $filePath = $path + "com.crowdstrike.zta.json"
      if (-not (Test-Path $path))
      {
      New-Item $path -ItemType Directory
      }
      [System.IO.File]::WriteAllText($filePath, $content)

      The PowerShell script configures the following JSON plugin file:

      Copy
      {
        "name": "com.crowdstrike.zta",
        "description": "Okta provided integration with CrowdStrike Falcon endpoint collecting the zta score.",
        "type": "FILE",
        "format": "JWT",
        "location": "%ProgramData%\\CrowdStrike\\ZeroTrustAssessment\\data.zta",
        "availabilityChecks": [
          {
            "type": "SERVICE_RUNNING",
            "value": "csagent"
          }
        ]
      }

Uninstall an endpoint security integration integration plugin

Always uninstall the current endpoint security integration plugin before installing a new version. To uninstall an endpoint security integration plugin from Windows computers for any reason, use this PowerShell script.

Replace [JSON_FILE_NAME] in the PowerShell script with the applicable JSON file:

  • Windows Security Center: com.okta.windowsSecurityCenter.json
  • CrowdStrike: com.crowdstrike.zta.json
Copy
$path = $env:ProgramData + "\Okta\OktaVerify\Plugins\[JSON_FILE_NAME]"
if ((Test-Path $path))
{
Remove-Item -Path $path
}

Next steps