Manage EDR integration plugins for Windows

Endpoint Detection and Response (EDR) plugins extend the functionality of the Okta EDR integration feature by enabling Okta Verify to collect trust signals from your EDR client running on the same device. You can configure plugins using PowerShell scripts. Currently, you can use these scripts to install and uninstall the plugins on a device-by-device basis.

Before you begin

  • EDR integration is enabled for your org
  • Windows devices are:
    • Configured for Okta Device Trust
      See Device Trust on Identity Engine.
    • Registered with Okta
      See Device registration.
    • Running Windows 10 (1709), 32-bit or 64-bit
    • Running supported client versions:
      • Windows Okta Verify beta client version 1.3.100.3 or later
      • CrowdStrike Falcon Agent 6.14 or later
  • Keep in mind:
    • Before installing a new version of the EDR plugin, make sure to completely uninstall the current version.
    • Plugins are installed at the following location on Windows computers: %PROGRAMDATA%\Okta\OktaVerify\Plugins.

Install the Windows Security Center (WSC) EDR plugin

By default, the WSC plugin is installed automatically when Okta Verify is installed. If you need to reinstall the plugin later for any reason, use this script.

# Plugin definition (JSON) for the Windows Security Center integration
$content = "{`r`n`t`"name`": `"com.okta.windowsSecurityCenter`",`r`n`t`"description`": `"Okta provided integration collecting signals through the Windows Security Center APIs.`",`r`n`t`"type`": `"DEFAULT`",`r`n`t`"format`": `"JSON`",`r`n`t`"availabilityChecks`": [`r`n`t`t{`r`n`t`t`t`"type`": `"SERVICE_RUNNING`",`r`n`t`t`t`"value`": `"wscsvc`"`r`n`t`t}`r`n`t]`r`n}"

# Plugin directory and target file name
$path = $env:ProgramData + "\Okta\OktaVerify\Plugins\"
$filePath = $path + "your.domain.wsc.json"

# Create the plugin directory if it does not exist
if (-not (Test-Path $path))
{
    New-Item $path -ItemType Directory
}

# Write the plugin definition to the plugin directory
$content | Out-File -FilePath $filePath

Install the CrowdStrike EDR plugin

Unlike the WSC EDR plugin, the CrowdStrike plugin is not installed automatically when Okta Verify is installed. There are two main installation scenarios:

  • Deploying Okta Verify to end user Windows computers
    In this case, you don't use the PowerShell script. Instead, use the command line provided by your management tool (GPO, MDM software) to include the EnableZTAPlugin flag in the installation command.
    See Okta Verify installation options for Windows for installation options.

  • All other scenarios
    Use the PowerShell script. These scenarios may include:
    • Okta Verify was installed by the end user and not by the admin through your management tool.
    • You want to enable or disable functionality after Okta Verify is already installed on the device.

# Plugin definition (JSON) for the CrowdStrike Falcon ZTA integration
$content = "{`r`n`t`"name`": `"com.crowdstrike.zta`",`r`n`t`"description`": `"Okta provided integration with CrowdStrike Falcon endpoint collecting the zta score.`",`r`n`t`"type`": `"FILE`",`r`n`t`"format`": `"JWT`",`r`n`t`"location`": `"%ProgramData%\\CrowdStrike\\ZeroTrustAssessment\\data.zta`",`r`n`t`"availabilityChecks`": [`r`n`t`t{`r`n`t`t`t`"type`": `"SERVICE_RUNNING`",`r`n`t`t`t`"value`": `"csagent`"`r`n`t`t}`r`n`t]`r`n}"

# Plugin directory and target file name
$path = $env:ProgramData + "\Okta\OktaVerify\Plugins\"
$filePath = $path + "your.plugin.name.json"

# Create the plugin directory if it does not exist
if (-not (Test-Path $path))
{
    New-Item $path -ItemType Directory
}

# Write the plugin definition to the plugin directory
[System.IO.File]::WriteAllText($filePath, $content)

Uninstall an EDR integration plugin

To uninstall an EDR integration plugin from Windows computers for any reason, use this PowerShell script. Make sure you replace your.domain.wsc.json with the actual file name. The installer uses the following two file names by default:

  • Windows Security Center: com.okta.windowsSecurityCenter.json
  • CrowdStrike: com.okta.ztaDefault.json

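# Replace your.domain.wsc.json with the actual plugin file name
$path = $env:ProgramData + "\Okta\OktaVerify\Plugins\your.domain.wsc.json"

# Remove the plugin file only if it exists
if (Test-Path $path)
{
    Remove-Item -Path $path
}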
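
The following check is an added example, not part of Okta's scripts. It reads each plugin file in the plugin directory, confirms that the service and signal file it references are present, and warns when the same plugin name appears in more than one file, which suggests an earlier version was not completely uninstalled. The function name Test-OktaEdrPlugin and the way each field is interpreted are assumptions based on the JSON in the install scripts above.

```powershell
# Added example: audit the Okta Verify EDR plugin files on this device.
# Field names come from the JSON in the install scripts; how Okta Verify itself
# evaluates them is not documented on this page, so these checks are assumptions.
function Test-OktaEdrPlugin {
    param([string]$PluginDir = (Join-Path $env:ProgramData 'Okta\OktaVerify\Plugins'))

    if (-not (Test-Path -LiteralPath $PluginDir)) {
        Write-Warning "Plugin directory not found: $PluginDir"
        return
    }

    $results = foreach ($file in Get-ChildItem -LiteralPath $PluginDir -Filter '*.json' -File) {
        $issues = @()
        $plugin = try {
            Get-Content -LiteralPath $file.FullName -Raw | ConvertFrom-Json -ErrorAction Stop
        } catch { $null }

        if (-not $plugin) {
            $issues += 'empty or invalid JSON'
        } else {
            foreach ($field in 'name', 'type', 'format') {
                if (-not $plugin.$field) { $issues += "missing '$field'" }
            }
            # SERVICE_RUNNING: the named Windows service should exist and be running.
            foreach ($check in @($plugin.availabilityChecks)) {
                if ($check.type -eq 'SERVICE_RUNNING') {
                    $svc = Get-Service -Name $check.value -ErrorAction SilentlyContinue
                    if (-not $svc) { $issues += "service '$($check.value)' not installed" }
                    elseif ($svc.Status -ne 'Running') { $issues += "service '$($check.value)' is $($svc.Status)" }
                }
            }
            # FILE plugins point at a signal file; expand %ProgramData% and confirm it exists.
            if ($plugin.type -eq 'FILE' -and $plugin.location) {
                $signal = [Environment]::ExpandEnvironmentVariables($plugin.location)
                if (-not (Test-Path -LiteralPath $signal)) { $issues += "signal file missing: $signal" }
            }
        }
        [pscustomobject]@{ File = $file.Name; Name = $plugin.name; Issues = $issues -join '; ' }
    }

    # The same plugin name in two files suggests an old version was not fully uninstalled.
    $results | Group-Object Name | Where-Object { $_.Name -and $_.Count -gt 1 } | ForEach-Object {
        Write-Warning "Plugin '$($_.Name)' is defined in $($_.Count) files: $($_.Group.File -join ', ')"
    }
    $results
}

Test-OktaEdrPlugin | Format-Table -AutoSize -Wrap
```

An empty Issues column means the file parsed and everything it references was found on the device.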

Next steps