Okta Device Access

Okta Device Access extends the identity and access management capabilities of Okta to the device sign-in experience. Using the same authenticators used to secure your Okta-protected apps and workforce devices, your users can verify their identity and sign in to their devices with a secure, seamless experience.

Desktop MFA for Windows and macOS extends multifactor authentication to your desktop and laptop computers, providing a seamless and secure experience for users. Admins can configure policies for specific users and groups. You can also configure a passwordless experience and enable users to request a self-service password reset at any time.

Desktop Password Sync for macOS is based on the Platform Single Sign-on (Platform SSO) extension from Apple. Users can sign in or unlock the device with their Okta password, and keep the local account password in sync with Okta. As part of the enrollment process, users register their device to an Okta Verify account. Then, they enroll in Okta FastPass using the streamlined onboarding flow, allowing seamless, authenticated access to apps and data.

For more information about Okta Device Access products and availability, visit the Okta Device Access product page.

Features

Desktop Password Autofill
When Desktop Password Autofill is enabled, users can sign in to their Windows computer without entering a password. They can use any factor supported by your authentication policy. The user still has a valid password that they can use if the passwordless sign-in attempt fails or the computer is offline. See Configure Desktop Password Autofill for Windows.
Self-service password reset
Desktop MFA for Windows allows users to initiate a password reset if they're locked out of their computer. When changing a password with the self-service password reset, the user changes their Okta password, which is then synced with Active Directory or Azure Active Directory. See Enable self-service password reset for Windows.
Desktop MFA recovery
If a Windows or macOS user doesn't have access to their MFA authenticators and can't sign in to their computer, they need admin assistance to regain access. Desktop MFA recovery enables users to contact an IT admin for a time-limited device recovery PIN that grants temporary access to their computer. See Enable Desktop MFA recovery for Windows and Enable Desktop MFA recovery for macOS.
Simplified password management
Users can synchronize their macOS password with their Okta password, eliminating the need to remember another password.
Just-In-Time Local Account Creation
Just-In-Time Local Account Creation allows users to create an account on a macOS computer using their Okta username and password from the macOS login window. Admins can streamline the account creation process for any Okta user in their tenant. This is especially beneficial for shared devices, or workstations that support multiple users. See Just-In-Time Local Account Creation for macOS.
Device Logout
Device Logout allows admins to sign users out of devices that are protected by Desktop MFA. If your org has Identity Threat Protection with Okta AI, you can configure an entity risk policy to automatically trigger the sign-out action. If a user is deactivated or suspended, Okta automatically signs the user out from all devices that are protected with Desktop MFA. See Sign users out of devices.

Get started

Desktop MFA for Windows

Desktop MFA for macOS

Desktop Password Sync for macOS