Okta Device Access

Okta Device Access extends Okta's Identity and Access Management capabilities to the device sign-in experience. Using the same authenticators used to secure your Okta-protected apps and workforce devices, your users can verify their identity and sign in to their devices with a secure, seamless experience.

Okta Device Access currently includes two products: Desktop MFA, available for Windows and macOS, and Desktop Password Sync for macOS.

Desktop MFA

Desktop MFA for Windows and Desktop MFA for macOS extend multifactor authentication to your desktop and laptop computers, providing a seamless and secure experience for users.

When users sign in to their device, Desktop MFA checks if the user has enrolled an offline verification method for use when they sign in. If no enrollments are found, Desktop MFA guides the user through setting up an additional authentication factor. MFA is used to validate the user's identity when signing in, and requires the user to provide additional verification factors with Okta Verify.

A single active session to apps and data is established and the security is extended to all resources, even when the computer is offline.

Admins can configure policies using registry keys, and target the policies to specific users and groups. You can configure a passwordless experience, which allows users to sign in with Okta Verify, and users can request a self-service password reset at any time.

Desktop Password Sync

Desktop Password Sync for macOS is based on Apple's Platform Single Sign-on extension. Users can sign in or unlock the device with their Okta password, and keep the local account password in sync with Okta. As part of the enrollment process, users register their device to an Okta Verify account. Then, they enroll in Okta FastPass using the streamlined onboarding flow, allowing seamless, authenticated access to apps and data.

For more information about Okta Device Access products and availability, visit the Okta Device Access product page.

Benefits

Desktop Passwordless Login

When Desktop Passwordless Login is enabled, users can sign in to their Windows computer without entering a password by responding to a push notification. The user still has a valid password that they can use when push notifications are unavailable, the computer is offline, or passwordless sign-in fails.

Self-service password reset

Desktop MFA for Windows allows users to initiate a password reset if they're locked out of the computer. When changing a password with the self-service password reset, the user changes their Okta password, which is then synced with Active Directory or Azure Active Directory.

Recovery flows for macOS

macOS users can call your Help Desk for a recovery PIN when they're unable to sign in to their computer. The recovery flow supports devices with or without an internet connection.

Simplified password management

Users can synchronize their macOS password with their Okta password, eliminating another password to remember.

Just-In-Time Local Account Creation

Just-In-Time Local Account Creation allows users to create an account on a macOS computer using their Okta username and password from the macOS login window. Admins can streamline the account creation process for any Okta user in their tenant, which is especially beneficial for shared devices or workstations that support multiple users.

How it works

Okta Device Access provides unified identity and access management from any device to all applications.

Get started

Get started with Desktop MFA for Windows

Get started with Desktop MFA for macOS

Get started with Desktop Password Sync