Desktop MFA for macOS

Use Desktop MFA for macOS to strengthen the security of users' authentication to macOS computers. With this solution, you can customize the sign-in flow so that users are prompted for MFA authentication at the sign-in screen. Users can enroll offline authentication factors from the sign-in screen, which are managed by admins using your existing MDM solution to configure policies for certain users and groups.

How it works

In the following example, users securely sign in to their macOS device using Desktop MFA.

A diagram of Okta's Desktop MFA for macOS architecture, showing directional touch points between a user, the computer, and Okta.

  1. The user signs in to their macOS computer with a username and password.

  2. The user's password is verified locally.

  3. The user is prompted for a possession factor: Okta Verify push, Okta Verify one-time password, or a FIDO2 security key.

  4. Okta challenges the possession factor.

  5. The user responds to the factor challenge with Okta Verify.

  6. Okta validates the user's credentials and factor challenge.

  7. Validated credentials are communicated to the macOS device.

  8. The user is granted access to secure apps and data.

Get started

Get started with Desktop MFA for macOS