Okta Verify configurations for macOS devices

You can use your device management (MDM) solution to deploy Okta Verify configurations to the app's preference domains. The configurations enable Okta Verify functionality.

Always deploy managed app configurations to both of these preference domains:

  • Preference domain 1: com.okta.mobile
  • Preference domain 2: com.okta.mobile.auth-service-extension

Use the following keys and values to configure Okta Verify:

OktaVerify.DeviceHealthOptions

Hide the Device Health page, or hide specific health checks in Okta Verify on user devices. If you select multiple values, separate them with a semicolon. For example, HideOSUpdate;HideDiskEncryption hides the OS update and disk encryption checks. All other device checks are shown.

If the value contains Disabled, the Device Health page isn't displayed in Okta Verify.

By default (when no values are set), all device health checks are displayed in Okta Verify on user devices.

Values (strings):

Disabled: Hides the device health page and badge.

HideOSUpdate: Hides the OS version check.

HideDiskEncryption: Hides the disk encryption check.

HideBiometrics: Hides the biometrics check.

HidePassword: Hides the password check.

Example:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
"http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>OktaVerify.DeviceHealthOptions</key>
<string>HideDiskEncryption;HideBiometrics</string>
</dict>
</plist>

OktaVerify.EnrollmentOptions

Configure whether users are prompted to enroll in Okta Verify. You can reduce the number of user prompts or control the rollout of Okta Verify and Okta FastPass in your org.

Values (strings):

SilentEnrollmentDisabled: Default. Users who aren't enrolled in Okta Verify (not registered) are prompted to add an Okta Verify account when they attempt to access resources protected by Okta and click "Sign in with Okta FastPass".

Enabled: Users are always prompted to add an Okta Verify account.

Disabled: Users are never prompted to enroll in Okta Verify unless they open the app and click "Add an account".

Example:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
"http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>OktaVerify.EnrollmentOptions</key>
<string>Enabled</string>
</dict>
</plist>

OktaVerify.OrgUrl

Pre-populate the org URL so that users don't have to enter this value on the "First, enter your sign-in URL" page. This option is available for macOS Okta Verify 2.4.1 and later.

Value (string): <org_sign-in_URL>

Example:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
"http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>OktaVerify.OrgUrl</key>
<string>acme.okta.com</string>
</dict>
</plist>

OktaVerify.Plugins

Enable macOS Okta Verify to collect trust signals from the EDR client that is running on the same macOS device. See Manage endpoint security integration plugins for macOS.

Value (array): com.crowdstrike.zta

Example:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<managedAppConfiguration>
<dict>
<key>OktaVerify.Plugins</key>
<array>
<string>com.crowdstrike.zta</string>
</array>
<key>com.crowdstrike.zta</key>
<dict>
<key>description</key>
<string>File-based EDR integration between Okta Verify and the Crowdstrike Falcon agent.</string>
<key>format</key>
<string>JWT</string>
<key>location</key>
<string>/Library/Application Support/Crowdstrike/ZeroTrustAssessment/data.zta</string>
<key>name</key>
<string>com.crowdstrike.zta</string>
<key>type</key>
<string>FILE</string>
</dict>
</dict>
</managedAppConfiguration>
</plist>

OktaVerify.ReportDiagnostics

Configure whether Okta Verify diagnostic and crash information is shared with Okta. If not configured, end users can set this value in their app. See Share diagnostic information with Okta from your macOS device.

Value (boolean): true or false

Example:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
"http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>OktaVerify.ReportDiagnostics</key>
<true/>
</dict>
</plist>

OktaVerify.LaunchOptions

Configure whether Okta Verify shows the account list upon launch. If not configured, Okta Verify shows the account list upon launch.

Value (string): HideMainWindow

Example:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
"http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>OktaVerify.LaunchOptions</key>
<string>HideMainWindow</string>
</dict>
</plist>
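
A pre-deployment check for the keys documented on this page, written as an added Python example (not Okta's code): it parses a payload with plistlib and flags values that don't match the documented strings or types, such as a comma used instead of a semicolon in OktaVerify.DeviceHealthOptions. The strict matching (exact case, no spaces around semicolons), the name lint_payload and the sample payloads are assumptions made for this example.

```python
import plistlib

# Allowed values, copied from the key descriptions on this page.
HEALTH = {"Disabled", "HideOSUpdate", "HideDiskEncryption", "HideBiometrics", "HidePassword"}
STRING_KEYS = {
    "OktaVerify.EnrollmentOptions": {"SilentEnrollmentDisabled", "Enabled", "Disabled"},
    "OktaVerify.LaunchOptions": {"HideMainWindow"},
}

def lint_payload(data: bytes) -> list:
    """Return the problems found in a managed app configuration plist (empty = clean)."""
    try:
        cfg = plistlib.loads(data)
    except Exception as exc:  # malformed XML, or not a plist at all
        return [f"not a valid plist: {exc}"]
    if not isinstance(cfg, dict):
        return ["top-level object must be a <dict>"]
    problems = []
    for key, allowed in STRING_KEYS.items():
        value = cfg.get(key)
        if value is not None and not (isinstance(value, str) and value in allowed):
            problems.append(f"{key}: {value!r} is not one of {sorted(allowed)}")
    health = cfg.get("OktaVerify.DeviceHealthOptions")
    if health is not None:
        # Values are semicolon-separated; strict matching is this linter's assumption.
        tokens = health.split(";") if isinstance(health, str) else [health]
        problems += [f"OktaVerify.DeviceHealthOptions: unknown value {t!r}"
                     for t in tokens if not (isinstance(t, str) and t in HEALTH)]
    diag = cfg.get("OktaVerify.ReportDiagnostics")
    if diag is not None and not isinstance(diag, bool):
        problems.append("OktaVerify.ReportDiagnostics: must be <true/> or <false/>")
    plugins = cfg.get("OktaVerify.Plugins")
    if plugins is not None and not (
            isinstance(plugins, list) and all(isinstance(p, str) for p in plugins)):
        problems.append("OktaVerify.Plugins: must be an <array> of <string>")
    return problems

# Constructed sample payloads, not taken from a real deployment.
ENVELOPE = '<?xml version="1.0" encoding="UTF-8"?><plist version="1.0"><dict>%s</dict></plist>'
GOOD = (ENVELOPE % ("<key>OktaVerify.DeviceHealthOptions</key>"
                    "<string>HideDiskEncryption;HideBiometrics</string>"
                    "<key>OktaVerify.ReportDiagnostics</key><true/>")).encode()
BAD = (ENVELOPE % ("<key>OktaVerify.DeviceHealthOptions</key>"
                   "<string>HideOSUpdate,HideDiskEncryption</string>"
                   "<key>OktaVerify.ReportDiagnostics</key><string>true</string>"
                   "<key>OktaVerify.EnrollmentOptions</key><string>enabled</string>")).encode()

if __name__ == "__main__":
    print({"GOOD": lint_payload(GOOD), "BAD": lint_payload(BAD)})
```

Run the same check against the payload for each of the two preference domains before you upload it to your MDM.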