Manage endpoint security integration plugins for Windows

Endpoint security integration plugins extend the functionality of the Okta endpoint security integration feature by enabling Okta Verify to collect trust signals from the Windows device it’s running on.

You can use Microsoft Endpoint Manager (MEM) to configure the plugins on your Windows device (for example, by using PowerShell scripts). On Windows devices, the plugins are located here: %PROGRAMDATA%\Okta\OktaVerify\Plugins. This allows you to specify which device signals to collect. Currently, you can run these scripts to install and uninstall the plugins on a device-by-device basis.

• Before you begin
• Install the WSC endpoint security integration plugin
• Install the CrowdStrike endpoint security integration plugin
• Uninstall an endpoint security integration plugin

Before you begin

• Set up endpoint security integrations

See Get started with endpoint security integrations.

• Enable Okta FastPass

See Enable Okta FastPass.

• Verify that Windows devices are registered with Okta

  See Device registration.

• Verify that the client versions are supported:
  • Windows Okta Verify 3.0 or later

  Okta recommends the latest version.

  • CrowdStrike Falcon Agent 6.14 or later

Windows Security Center is not supported on Windows servers.

Install the WSC endpoint security integration plugin

By default, the Windows Security Center (WSC) plugin is installed automatically when Okta Verify is installed. If you need to reinstall the plugin later for any reason, uninstall the current version, and then use this script.

1
2
3
4
5
6
7
8
$content = "{`r`n`t`"name`": `"com.okta.windowsSecurityCenter`",`r`n`t`"description`": `"Okta provided integration collecting signals through the Windows Security Center APIs.`",`r`n`t`"type`": `"DEFAULT`",`r`n`t`"format`": `"JSON`",`r`n`t`"availabilityChecks`": [`r`n`t`t{`r`n`t`t`t`"type`": `"SERVICE_RUNNING`",`r`n`t`t`t`"value`": `"wscsvc`"`r`n`t`t}`r`n`t]`r`n}"
$path = $env:ProgramData + "\Okta\OktaVerify\Plugins\"
$filePath = $path + "com.okta.windowsSecurityCenter.json"
if (-not (Test-Path $path))
{
New-Item $path -ItemType Directory
}
$content | Out-File -FilePath $filePath

The PowerShell script configures the following JSON plugin file:

1
2
3
4
5
6
7
8
9
10
11
12
{
  "name": "com.okta.windowsSecurityCenter",
  "description": "Okta provided integration collecting signals through the Windows Security Center APIs.",
  "type": "DEFAULT",
  "format": "JSON",
  "availabilityChecks": [
    {
      "type": "SERVICE_RUNNING",
      "value": "wscsvc"
    }
  ]
}

Install the CrowdStrike endpoint security integration plugin

The CrowdStrike plugin isn’t installed automatically when Okta Verify is installed. Based on your installation scenario, uninstall the current version if one exists, and then choose the appropriate installation procedure:

• Deploying Okta Verify to end-user Windows devices

In this case, you don't use the PowerShell script. Instead, use the command line provided by your management tool (GPO, MDM software) to include the EnableZTAPlugin flag in the installation command.

See Deploy Okta Verify to Windows devices for installation options.

• All other scenarios

Use the PowerShell script. These scenarios may include:

• Okta Verify was installed by the end user and not by the admin through your management tool.
• You want to enable or disable functionality after Okta Verify is already installed on the device.
Copy

1
2
3
4
5
6
7
8
$content = "{`r`n`t`"name`": `"com.crowdstrike.zta`",`r`n`t`"description`": `"Okta provided integration with CrowdStrike Falcon endpoint collecting the zta score.`",`r`n`t`"type`": `"FILE`",`r`n`t`"format`": `"JWT`",`r`n`t`"location`": `"%ProgramData%\\CrowdStrike\\ZeroTrustAssessment\\data.zta`",`r`n`t`"availabilityChecks`": [`r`n`t`t{`r`n`t`t`t`"type`": `"SERVICE_RUNNING`",`r`n`t`t`t`"value`": `"csagent`"`r`n`t`t}`r`n`t]`r`n}"
$path = $env:ProgramData + "\Okta\OktaVerify\Plugins\"
$filePath = $path + "com.crowdstrike.zta.json"
if (-not (Test-Path $path))
{
New-Item $path -ItemType Directory
}
[System.IO.File]::WriteAllText($filePath, $content)

The PowerShell script configures the following JSON plugin file:

Copy

1
2
3
4
5
6
7
8
9
10
11
12
13
{
  "name": "com.crowdstrike.zta",
  "description": "Okta provided integration with CrowdStrike Falcon endpoint collecting the zta score.",
  "type": "FILE",
  "format": "JWT",
  "location": "%ProgramData%\\CrowdStrike\\ZeroTrustAssessment\\data.zta",
  "availabilityChecks": [
    {
      "type": "SERVICE_RUNNING",
      "value": "csagent"
    }
  ]
}

Uninstall an endpoint security integration plugin

Always uninstall the current endpoint security integration plugin before installing a new version. To uninstall an endpoint security integration plugin from Windows computers for any reason, use this PowerShell script.

Replace [JSON_FILE_NAME] in the PowerShell script with the applicable JSON file:

• Windows Security Center: com.okta.windowsSecurityCenter.json
• CrowdStrike: com.crowdstrike.zta.json

1
2
3
4
5
$path = $env:ProgramData + "\Okta\OktaVerify\Plugins\[JSON_FILE_NAME]"
if ((Test-Path $path))
{
Remove-Item -Path $path
}

Next steps

• Validate your endpoint security integration