Configure management attestation for desktop devices

Complete these tasks, in the order presented, to configure management attestation for desktop devices. The table lists mandatory and recommended tasks.

Task

Description

Learn about and configure Identity Engine tasks

  • Become familiar with Identity Engine concepts, terminology, limitations, and known issues.
  • Set up authenticators and MFA enrollment policies to provide secure user access to your org.
  • Ensure that a user's profile is complete before they can access an app and set up default app redirects.
  • Configure Global Session Policies to enforce assurance.

Configure a certificate authority for your implementation. You can use Okta as a CA, or provide your own CA.

Use Okta as a certificate authority (CA):

Provide your own certificate authority (CA):

See Provide your own certificate authority for managed devices.

Add an authentication policy rule for desktop

Create policies to manage access to apps based on criteria you specify in the policy rules.

Optional. Configure an authentication policy that supports passwordless authentication.

See Configure Okta FastPass.

Configure a seamless SSO Okta FastPass experience on macOS devices

macOS only. If you are setting up passwordless authentication for macOS users, configure the Credential SSO extension to forward requests from a browser or app to Okta Verify, so that end users on managed macOS devices have a seamless single sign-on experience.

Install Okta Verify on macOS devices

macOS only. Deploy Okta Verify to end-user devices using your device management solution.

Install Okta Verify on Windows devices

Windows only. Deploy Okta Verify to end-user devices using your device management solution or Microsoft Endpoint Manager (MEM).

(Optional) Allow end users to prevent the Open Okta Verify prompt

Provide a check box allowing end users to prevent being prompted to Open Okta Verify.

(Optional) Endpoint security integrations

You can integrate Okta Verify with your organization’s Endpoint Detection and Response (EDR) solution. EDR integration extends device posture evaluation by enabling Okta Verify to capture signals collected by your EDR client running on the same device.

(Optional) Deploy a managed app configuration

macOS only. You can remotely configure Okta Verify by deploying managed app configurations through your device management solution.
