Install Okta Verify on Windows devices
As an alternative to end users manually installing Okta Verify on Windows devices, you can silently install it.
If Windows Okta Verify is deployed to a device with the OrgUrl flag specified, Okta Verify checks the Okta server for app updates. If a new version exists, it automatically downloads and then updates Okta Verify. If the OrgUrl flag is not specified, the end user must have an enrollment in Okta Verify before the app will automatically update.
Before you begin
Be aware that end users might see the following notice and prompt when you silently install Windows Okta Verify:
- End user license agreement (EULA) and Crash Reporting notice
- User Account Control (UAC) prompt
- MEM: If you use MEM to silently install Okta Verify on end-user Windows devices, end users are shown the UAC consent and credential prompts.
MDM: If you configure your MDM software to silently install Okta Verify on end-user Windows devices, end users are not shown UAC prompts.
If you silently install Okta Verify on end-user Windows devices using your mobile device management (MDM) software or Microsoft Endpoint Manager (MEM), end users are not shown the EULA or Crash Reporting notice. Users who want to see those notices need to uninstall Okta Verify and then reinstall it by double-clicking the Okta Verify Setup file. The EULA and the Crash Reporting notices appear during re-installation.
Start this procedure
Complete one of the following installation procedures:
Complete the steps in the Microsoft Intune document Add a Windows line-of-business app to Microsoft Intune. Make sure you select the Device Context option in Microsoft Intune (not User Context).
Installation occurs at the system level. User-based installation is not supported.
- Copy the file Okta Verify Setup file to your MEM server.
- Launch the Configuration Manager Console.
- Go to \Software Library\Overview\Application Management\Applications.
- Launch the Create Application Wizard (right-click Applications, and then select Create new application).
- Select Automatically detect information about this application from installation files.
- In Type, select Windows Installer (*.exe or *.msi).
- In Location, browse to the Okta Verify file.
- Click Next.
- Follow the on-screen prompts.
- On the Specify information about this application screen, do the following:
- Enter a name.
- Specify the installation program, using one of the following flag options:
- Install without specifying installer flags
- Install with specifying installer flags
- TRUE: The CrowdStrike EDR manifest file is deployed to devices during Okta Verify installation.
- FALSE: The CrowdStrike EDR manifest file is not deployed to devices during Okta Verify installation.
- NOT_SET: Users are not enrolled in the Windows Okta Verify beta program, but they are able to enroll into it by selecting Join our beta program and get early access to the latest versions of Okta Verify on the Windows Okta Verify Settings screen.
- TRUE: Users are enrolled in the Windows Okta Verify beta program. This provides users with early access to the latest version of Okta Verify.
- FALSE: Users are not enrolled in the Windows Okta Verify beta program, and they are not able to enroll by selecting Join our beta program and get early access to the latest versions of Okta Verify on the Windows Okta Verify Settings screen.
- SilentEnrollmentDisabled: Default. Users are not prompted to add an Okta Verify account unless they click Sign in with Okta Verify.
Enabled: Users are always prompted to add an Okta Verify account.
Disabled: Users are never prompted to enroll in Okta Verify unless they open the app and click Add an account.
- TRUE: Crash reports are sent.
- FALSE: Crash reports are not sent.
msiexec /I OktaVerifySetup-1.x.x.x-yyyyyyy.msi EXEOPTIONS=”/q2”
In the EXE and MSI examples, square brackets ("[" and "]") are used to indicate optional parameters. See the table below for Flag and Value options.
OktaVerifySetup-1.x.x.x-yyyyyyy.exe -q2 [<Flag_1>=<Value_1>] [<Flag_2>=<Value_2>] [...]
OktaVerifySetup-1.x.x.x-yyyyyyy.exe -q2 OrgUrl=https://ORGNAME.oktapreview.com
msiexec /I OktaVerifySetup-1.x.x.x-yyyyyyy.msi /qn EXEOPTIONS="-q2 [<Flag_1>=<Value_1>] [<Flag_2>=<Value_2>] [...]"
msiexec /I OktaVerifySetup-1.x.x.x-yyyyyyy.msi /qn EXEOPTIONS="-q2 OrgUrl=https://ORGNAME.oktapreview.com"
Flag Description Values Default Value Minimum supported version EnableZTAPlugin Configures whether the CrowdStrike EDR manifest file is deployed to devices during Okta Verify installation. The following options are available: FALSE 2.0.1 EnrollInBetaProgram Configures whether end users can enroll in the Windows Okta Verify beta program. The following options are available: NOT_SET 2.6.0 EnrollmentOptions Configures whether end users are prompted to enroll in Okta Verify. This is useful if you want to reduce the number of user prompts or control the rollout of Okta Verify and Okta FastPass in your org. The following options are available: SilentEnrollmentDisabled 2.0.1 LogLevel Configures the event viewer log level. None, Critical, Error, Warning, Info, or Debug Warning 1.3.1 OrgUrl When configured, auto-populates end user enrollment screen with the customer's org URL. FQDN, or URL of org <Empty> 1.3.1 ReportDiagnostics Configures whether crash reports are sent to your diagnostics reporting tool (for example, AppCenter). The following options are available: TRUE 1.3.1
- Click Next.
- Confirm settings and click Next.
- At the success screen, click Close.
- In the center pane of the Applications list, right-click the app and select Deploy.
- Follow the prompts in the Deploy Wizard.