Managed app configurations for macOS devices

You can use your device management solution to deploy managed app configurations to domains. The managed app configurations allow you to enable functionality that is built into macOS Okta Verify.

Always deploy managed app configurations to both of these preference domains:

  • Preference domain 1: com.okta.mobile
  • Preference domain 2: com.okta.mobile.auth-service-extension

Use the examples in this table to help you configure your managed app configurations:

Managed app configuration

Key

Value

Value type

Example

Automatically launch the Okta Verify enrollment flow for unregistered users

By default, if users are not enrolled in Okta Verify (unregistered), they are not automatically placed in the enrollment flow when they attempt to access resources that are protected by Okta Verify authentication. To launch the enrollment process, users need to click Sign in with Okta Verify.

This feature configures Okta Verify to automatically launch the enrollment flow for unregistered users, so that they are not prompted to click Sign in with Okta Verify.

OktaVerify.EnrollmentOptions

SilentEnrollmentEnabled

String

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>OktaVerify.EnrollmentOptions</key>

<string>SilentEnrollmentEnabled</string>

</dict>

</plist>

Pre-populate the org URL

Enables admins to pre-populate the First, enter your sign-in URL screen with a sign-in URL, so end users do not need to enter it.

This is available for macOS Okta Verify v2.4.1 and later.

The image shows where the org URL is pre-populated if an admin uses the managed app configuration.

OktaVerify.OrgUrl

<org_sign-in_URL>

String

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>OktaVerify.OrgUrl</key>

<string>acme.okta.com</string>

</dict>

</plist>

Enable EDR plugin for macOS Okta Verify

Enables macOS Okta Verify to collect trust signals from the EDR client that is running on the same macOS device.

See Manage endpoint security integration plugins for macOS.

OktaVerify.Plugins

com.crowdstrike.zta

String

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>OktaVerify.Plugins</key>

<string>com.crowdstrike.zta</string>

</dict>

</plist>

Configure whether to report diagnostic information

Enables admins to configure whether Okta Verify diagnostic and crash information is shared with Okta. If not configured, end users can set this value on their app.

See Share diagnostic information with Okta from your macOS device.

OktaVerify.ReportDiagnostics

true, or false

Boolean

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>OktaVerify.ReportDiagnostics</key>

<bool>true</bool>

</dict>

</plist>