Configure management attestation for desktop devices

Complete these tasks, in the presented sequence, to configure management attestation for desktop devices. Mandatory and recommended tasks are listed in the table.

Task

Description

Learn about and configure Identity Engine tasks

  • Set up authenticators and MFA enrollment policies to provide secure user access to your org.
  • Ensure that a user's profile is complete before they can access an app and set up default app redirects.
  • Configure Global Session Policies to enforce assurance.

Configure a certificate authority

Use Okta as a certificate authority (CA):

Provide your own certificate authority (CA):

See Use your own certificate authority for managed devices.

Add an authentication policy rule for desktop

Create policies to manage access to apps based on criteria you specify in the policy rules.

You must enable Okta FastPassConfigure Okta FastPass Optionally, you can configure policies to remove password-based authentication.

Configure Okta FastPass

Configure a seamless SSO Okta FastPass experience on macOS devices macOS-only. If setting up passwordless authentication for macOS users, configure Credential SSO extension to forward requests from a browser or app to Okta Verify so end users on managed macOS devices have a seamless, single sign-on experience.

Deploy Okta Verify to macOS devices

macOS only. Deploy Okta Verify to end-user devices using your device management solution.

Deploy Okta Verify to Windows devices

Windows only. Deploy Okta Verify to end-user devices using your device management solution or Microsoft Endpoint Manager (MEM).

(Optional) Let users skip the Open Okta Verify prompt

Provide a check box allowing end users to prevent being prompted to Open Okta Verify.

(Optional) Endpoint security integrations

You can integrate Okta Verify with your organization’s Endpoint Detection and Response (EDR) solution. EDR integration extends device posture evaluation by enabling Okta Verify to capture signals collected by your EDR client running on the same device.

(Optional) Managed app configurations

macOS only. You can remotely configure Okta Verify by deploying managed app configurations through your device management solution.

Related topics