Install Okta Verify on Windows devices

As an alternative to end users manually installing Okta Verify on Windows devices, you can silently install it.

If Windows Okta Verify is deployed to a device with the OrgUrl flag specified, Okta Verify checks the Okta server for app updates. If a new version exists, it automatically downloads and then updates Okta Verify. If the OrgUrl flag is not specified, the end user must have an enrollment in Okta Verify before the app will automatically update.

Before you begin

Be aware that end users might see the following notice and prompt when you silently install Windows Okta Verify:

  • End user license agreement (EULA) and Crash Reporting notice
  • If you silently install Okta Verify on end-user Windows devices using your mobile device management (MDM) software or Microsoft Endpoint Manager (MEM), end users are not shown the EULA or Crash Reporting notice. Users who want to see those notices need to uninstall Okta Verify and then reinstall it by double-clicking the Okta Verify Setup file. The EULA and the Crash Reporting notices appear during re-installation.

  • User Account Control (UAC) prompt
    • MEM: If you use MEM to silently install Okta Verify on end-user Windows devices, end users are shown the UAC consent and credential prompts.
    • MDM: If you configure your MDM software to silently install Okta Verify on end-user Windows devices, end users are not shown UAC prompts.

Start this procedure

Complete one of the following installation procedures:

Install Okta Verify using your MDM software

Complete the steps in the Microsoft Intune document Add a Windows line-of-business app to Microsoft Intune. Make sure you select the Device Context option in Microsoft Intune (not User Context).

Install Okta Verify using MEM

Installation occurs at the system level. User-based installation is not supported.

  1. Copy the file Okta Verify Setup file to your MEM server.
  2. Launch the Configuration Manager Console.
  3. Go to \Software Library\Overview\Application Management\Applications.
  4. Launch the Create Application Wizard (right-click Applications, and then select Create new application).
  5. Select Automatically detect information about this application from installation files.
  6. In Type, select Windows Installer (*.exe or *.msi).
  7. In Location, browse to the Okta Verify file.
  8. Click Next.
  9. Follow the on-screen prompts.
  10. On the Specify information about this application screen, do the following:
    1. Enter a name.
    2. Specify the installation program, using one of the following flag options:
      • Install without specifying installer flags
      • EXE

        OktaVerifySetup-1.x.x.x-yyyyyyy.exe /q2

        MSI

        msiexec /I OktaVerifySetup-1.x.x.x-yyyyyyy.msi EXEOPTIONS=”/q2”

      • Install with specifying installer flags
      • In the EXE and MSI examples, square brackets ("[" and "]") are used to indicate optional parameters. See the table below for Flag and Value options.

        EXE

        OktaVerifySetup-1.x.x.x-yyyyyyy.exe -q2 [<Flag_1>=<Value_1>] [<Flag_2>=<Value_2>] [...]

        for example:

        OktaVerifySetup-1.x.x.x-yyyyyyy.exe -q2 OrgUrl=https://ORGNAME.oktapreview.com

        MSI

        msiexec /I OktaVerifySetup-1.x.x.x-yyyyyyy.msi /qn EXEOPTIONS="-q2 [<Flag_1>=<Value_1>] [<Flag_2>=<Value_2>] [...]"

        for example:

        msiexec /I OktaVerifySetup-1.x.x.x-yyyyyyy.msi /qn EXEOPTIONS="-q2 OrgUrl=https://ORGNAME.oktapreview.com"

        FlagDescriptionValuesDefault ValueMinimum supported version
        EnableZTAPluginConfigures whether the CrowdStrike EDR manifest file is deployed to devices during Okta Verify installation.

        See Manage endpoint security integration plugins for Windows.

        The following options are available:
        • TRUE: The CrowdStrike EDR manifest file is deployed to devices during Okta Verify installation.
        • FALSE: The CrowdStrike EDR manifest file is not deployed to devices during Okta Verify installation.
        FALSE2.0.1
        EnrollInBetaProgramConfigures whether end users can enroll in the Windows Okta Verify beta program.The following options are available:
        • NOT_SET: Users are not enrolled in the Windows Okta Verify beta program, but they are able to enroll into it by selecting Join our beta program and get early access to the latest versions of Okta Verify on the Windows Okta Verify Settings screen.
        • TRUE: Users are enrolled in the Windows Okta Verify beta program. This provides users with early access to the latest version of Okta Verify.
        • FALSE: Users are not enrolled in the Windows Okta Verify beta program, and they are not able to enroll by selecting Join our beta program and get early access to the latest versions of Okta Verify on the Windows Okta Verify Settings screen.
        NOT_SET2.6.0
        EnrollmentOptionsConfigures whether end users are prompted to enroll in Okta Verify. This is useful if you want to reduce the number of user prompts or control the rollout of Okta Verify and Okta FastPass in your org.The following options are available:
        • SilentEnrollmentDisabled: Default. Users are not prompted to add an Okta Verify account unless they click Sign in with Okta Verify.
        • Enabled: Users are always prompted to add an Okta Verify account.

        • Disabled: Users are never prompted to enroll in Okta Verify unless they open the app and click Add an account.

        SilentEnrollmentDisabled2.0.1
        LogLevelConfigures the event viewer log level.None, Critical, Error, Warning, Info, or DebugWarning1.3.1
        OrgUrlWhen configured, auto-populates end user enrollment screen with the customer's org URL.FQDN, or URL of org<Empty>1.3.1
        ReportDiagnosticsConfigures whether crash reports are sent to your diagnostics reporting tool (for example, AppCenter).The following options are available:
        • TRUE: Crash reports are sent.
        • FALSE: Crash reports are not sent.
        TRUE1.3.1
  1. Click Next.
  2. Confirm settings and click Next.
  3. At the success screen, click Close.
  4. In the center pane of the Applications list, right-click the app and select Deploy.
  5. Follow the prompts in the Deploy Wizard.

Related topics