Managed app configurations for macOS devices
You can use your device management solution to deploy managed app configurations to domains. The managed app configurations allow you to enable functionality that is built into macOS Okta Verify.
Always deploy managed app configurations to both of these preference domains:
- Preference domain 1: com.okta.mobile
- Preference domain 2: com.okta.mobile.auth-service-extension
Use the examples in this table to help you configure your managed app configurations:
Key |
Value |
Description |
---|---|---|
DeviceHealthOptions |
Type: String By default (not set), all device health check functions are displayed in Okta Verify on end-user devices. Disabled: Hides the device health screen and badge. HideOSUpdate: Hides the OS version check in Okta Verify on end-user devices. HideDiskEncryption: Hides the disk encryption check in Okta Verify on end-user devices. HideBiometrics: Hides the biometrics check in Okta Verify on end-user devices. HidePassword: Hides the password check in Okta Verify on end-user devices. |
Hide the Device Health page, or hide specific health checks in Okta Verify on end-user devices. You can select multiple values. Separate the values by using a semicolon. For example, HideOSUpdate;HideDiskEncryption hides the OS update and disk encryption checks. All other device checks are shown. If the value contains Disabled, the Device Health page isn't displayed in Okta Verify. Example: Copy
|
OktaVerify.EnrollmentOptions |
SilentEnrollmentEnabled Type: String |
Automatically launch the Okta Verify enrollment flow for unregistered users By default, if users are not enrolled in Okta Verify (unregistered), they are not automatically placed in the enrollment flow when they attempt to access resources that are protected by Okta Verify authentication. To launch the enrollment process, users need to click Sign in with Okta Verify. This feature configures Okta Verify to automatically launch the enrollment flow for unregistered users, so that they are not prompted to click Sign in with Okta Verify. Example: Copy
|
OktaVerify.OrgUrl |
<org_sign-in_URL> Type: String |
Pre-populate the org URL Enables admins to pre-populate the First, enter your sign-in URL screen with a sign-in URL, so end users do not need to enter it. This is available for macOS Okta Verify v2.4.1 and later. Example: Copy
|
OktaVerify.Plugins |
com.crowdstrike.zta Type: String |
Enable EDR plugin for macOS Okta Verify Enables macOS Okta Verify to collect trust signals from the EDR client that is running on the same macOS device. See Manage endpoint security integration plugins for macOS. Example: Copy
|
OktaVerify.ReportDiagnostics |
true or false Type: Boolean |
Configure whether to report diagnostic information Enables admins to configure whether Okta Verify diagnostic and crash information is shared with Okta. If not configured, end users can set this value on their app. See Share diagnostic information with Okta from your macOS device. Example: Copy
|