Configure management attestation for desktop devices

Complete these tasks, in the presented sequence, to configure management attestation for desktop devices. Mandatory and recommended tasks are listed in the table.

Task

Description

Get started

  • Set up authenticators and MFA enrollment policies to provide secure user access to your org.
  • Ensure that a user's profile is complete before they can access an app and set up default app redirects.
  • Configure Global Session Policies to enforce assurance.

Configure a Certificate Authority

Use Okta as a certificate authority (CA):

Provide your own certificate authority (CA):

See Use your own certificate authority for managed devices.

A user or device may be displayed as unmanaged after deployment of the SCEP certificate. This value is updated after the user has successfully authenticated and signed in with Okta FastPass.

Add an authentication policy rule for desktop

Create policies to manage access to apps based on criteria you specify in the policy rules.

You must enable Okta FastPass. Optionally, you can configure policies to remove password-based authentication.

See Configure Okta FastPass.

Configure an SSO extension for managed macOS devices

macOS only. If you're setting up passwordless authentication for macOS users, configure the Credential SSO extension to forward requests from a browser or app to Okta Verify so that end users on managed macOS devices have a seamless single sign-on experience.

Deploy Okta Verify to macOS devices

macOS only. Deploy Okta Verify to end-user devices using your device management solution.

Deploy Okta Verify to Windows devices

Windows only. Deploy Okta Verify to end-user devices using your device management solution or Microsoft Endpoint Manager (MEM).

(Optional) Let users skip the Open Okta Verify prompt

Provide a check box that lets end users skip the Open Okta Verify prompt.

(Optional) Endpoint security integrations

You can integrate Okta Verify with your organization’s Endpoint Detection and Response (EDR) solution. EDR integration extends device posture evaluation by enabling Okta Verify to capture signals collected by your EDR client running on the same device.

(Optional) Managed app configurations

macOS only. You can remotely configure Okta Verify by deploying managed app configurations through your device management solution.
