Managed app configurations for Windows devices

You can use your device management solution to deploy managed app configurations to domains. The managed app configurations allow you to enable Okta Verify functionality on Windows devices.

Use the examples in this table to configure your managed app configurations:

 

Flag

Description

Values

Default value

Minimum supported version

AutoUpdateDeferredByDays

Defer automatic updates by one to thirteen days past the staggered release end date.

Integer between 1 and 13

NOT_SET

3.7.1

EnableZTAPlugin

Configure whether the CrowdStrike endpoint detection and response (EDR) manifest file is deployed to devices during Okta Verify installation.

See Manage endpoint security integration plugins for Windows.

TRUE: The manifest file is deployed to devices during Okta Verify installation.

FALSE: The manifest file isn't deployed to devices during Okta Verify installation.

FALSE

2.0.1

EnrollInBetaProgram

Configure whether users can enroll in the Okta Verify beta program on their Windows devices.

NOT_SET: Users aren't enrolled in the beta program. To enroll, users open Okta Verify and select Join our beta program on the Settings page.

TRUE: Users are enrolled in the beta program.

FALSE: Users aren't enrolled in the beta program and can't enroll by selecting Join our beta program on the Okta Verify Settings page.

NOT_SET

2.6.0

EnrollmentOptions

Configure whether end users are prompted to enroll in Okta Verify. You can reduce the number of user prompts or control the rollout of Okta Verify and Okta FastPass in your org.

SilentEnrollmentDisabled: Default. Users are prompted to add an Okta Verify account only if they click Sign in with Okta Verify.

Enabled: Users are always prompted to add an Okta Verify account.

Disabled: Users are never prompted to enroll in Okta Verify unless they open the app and click Add an account.

SilentEnrollmentDisabled

2.0.1

FeatureFlags

Enable or disable features.

DeviceHealthOff: Use this value to turn off Device health in Okta Verify on end-user devices. This feature is turned on by default.

<Empty>

3.8.0

LogLevel

Configure the event viewer log level.

None, Critical, Error, Warning, Info, or Debug

Warning

1.3.1

OrgUrl

When you configure this flag, the org URL is included in on the user's enrollment page.

<Fully-qualified domain name> or <org URL>

<Empty>

1.3.1

ProxyPacFileLocation Configure the PAC file path for the proxy server. When you set the PAC file location, the AutoUpdate Service is updated (C:\Program Files\Okta\UpdateService\Okta.Coordinator.Service.exe.config).

A configuration is created:

<appSettings><system.net ><defaultProxy><proxy scriptLocation="<PacFileLocation>"/></defaultProxy></system.net>
<PAC_file_path> NOT_SET 3.0.0
ProxyPassword Configure the password for the authentication proxy server.

If you use spaces in the password, enclose it with double quotes ("").

The password is encrypted before it’s stored in the service configuration file. It’s decrypted by the value set in the ProxyPasswordEntropy flag.

If you use this flag, the ProxyURL and ProxyUsername flags are also required.

<password>

For example, GhKan2a_ya12

NOT_SET 3.1.0
ProxyURL Configure the URL and port for the proxy server that are used to access the AutoUpdate Service (C:\Program Files\Okta\UpdateService\Okta.Coordinator.Service.exe.config).

If you use this flag, the ProxyUsername and ProxyPassword flags are also required.

A configuration is created: 

<appSettings><system.net ><defaultProxy><proxy proxyaddress="<url>:<port>"/></defaultProxy></system.net>
<URL>:<Port>

For example, https://example.com:2035

NOT_SET 3.0.0
ProxyUserName Configure the username for the authentication proxy server.

If you use this flag, the ProxyURL and ProxyPassword flags are also required.

The Okta.Coordinator.Service.exe.config file is updated:

<appSettings>

<!--Possible values None, Critical, Error, Warning, Info,

Debug -->

<add key="LogLevel" value="Info" />

<add key="ProxyUrl" value="https://test.com:6545" />

<add key="ProxyUsername" value="TestUserName" />

<add key="ProxyPassword" value="AQAAANCMnd8BFdERjHoAwE/Cl+sB

AAAAiDxe77U1Gk21ZcuZJjmUmAQAAAACAAAAAAAQZgAAAAEAACAAAADo1

s0yrCoIJ15t/iYstL2KDeemboTZ8+RaAac4447v6QAAAAAOgAAAAAIAAC

AAAAAAYMeKTNHpXHKSZIvCahkJJxcvIizIaIKpLm0gARhfNyAAAAC09

RRn7psZmzbuTO+e4HSRjOKeRr3o5KyLGPgV2Jb8+UAAAADtR/AHye/4L

vhhLOf0MGY5IlYaMse87Li7GojQCEOMqdlFpUA3OLL9i/uQLMAx3enyn/gk

8a0euEl3l4MmE4zb" />

<add key="ProxyPasswordEntropy" value="83928a31-c7c1-449

e-8b68-b59a4063f877" />

</appSettings>

<username>

For example, proxyUsername

NOT_SET 3.1.0

ReportDiagnostics

Configure whether crash reports are sent to your diagnostics reporting tool (for example, AppCenter).

TRUE: Crash reports are sent.

FALSE: Crash reports aren’t sent.

TRUE

1.3.1