Integrate Okta with your MDM software

Configure your Mobile Device Management (MDM) software to manage Okta Verify and to install it on end-user devices.

Before you begin

Make sure that your MDM software supports managed app configuration. For best results, integrate with MDM software that supports these features:

  • Use the managed app configuration to configure the key-value pair.
  • Set Okta Verify to install on end-user devices silently and automatically when they enroll in your chosen MDM software.

    If you're configuring your MDM software to deploy Okta Verify to Android devices, make sure that Okta Verify is installed in the work profile of the device.

Start this task

This section provides high-level integration instructions for MDM software and configuration tips for some MDM software solutions. For detailed instructions, see the documentation provided by your MDM software solution.

  1. Configure your MDM software to manage Okta Verify and to install it on end-user devices.
  2. Configure the Team Identifier as B7F62B65BN.
  3. Configure the key-value pair by using your MDM software's managed app configuration as described in their documentation:

    The key-value pair is case-sensitive.

Configuration tips

Use these tips to configure the key-value pair in MDM software applications. MDM software configurations can change. Therefore, Okta recommends that you always consult your MDM software solution's documentation.

MDM software

Platform

Configuration tips

Jamf Pro

iOS

Okta Verify distribution:

  1. On the Devices tab on your Jamf Pro dashboard, click Mobile Device Apps and then click + New. Select App store app or apps purchased in volume and then click Next.

  2. Search for Okta Verify. Select the iPhone & iPod touch apps tab, and then click Add beside the Okta Verify app.

  3. On the General tab of the New Mobile Device App page, select the Convert unmanaged app to managed option. Leave the rest of the settings, and then click Save.

  4. Click the Scope tab, and then click Edit. Define the users or groups that you want to deploy to, and then click Save.

  5. Select the App Configuration tab. Copy the following code, and paste it into Jamf Pro. Update the information with your secret key:

    <dict>
    <key>OktaVerify.UDID</key>
    <string>$UDID</string>
    <key>managementHint</key>
    <string>Okta-Tenant-Secret-Key</string>
    </dict>

SSO Extension:

  1. On the Devices tab on your Jamf Pro dashboard, click Configuration Profiles.

  2. Enter a name for the new profile.

  3. In the side bar, scroll down and click Single Sign-On Extensions. Click + Add. Configure the following settings:

    1. Payload Type: SSO

    2. Extension Identifier: com.okta.mobile.auth-service-extension

    3. Sign-on Type: Credential

    4. Realm: Okta Device

    5. Hosts: Enter your Okta org domain without the protocol scheme, for example yourorg.okta.com.

    6. Custom Configuration: Copy the following code and create a .plist file on your computer to upload into Jamf Pro. Update the information with your secret key:

      <plist version="1.0">
      <dict>
      <key>OktaVerify.UDID</key>
      <string>$UDID</string>
      <key>managementHint</key>
      <string>Okta Tenant Secret Key</string>
      </dict>
      </plist>
    7. Click Save.
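
Because the key-value pair is case-sensitive and both Jamf Pro snippets above ship with a placeholder where the secret key goes, it helps to lint the configuration before pasting or uploading it. The following Python check is an added example, not Okta or Jamf code; the function names and the rule set are assumptions based only on the two snippets shown on this page.

```python
import plistlib
from xml.parsers.expat import ExpatError

# Key names as shown on this page; the match is case-sensitive.
REQUIRED_KEYS = ("OktaVerify.UDID", "managementHint")
# Template strings from the page's snippets that must be replaced before upload.
PLACEHOLDERS = {"okta-tenant-secret-key", "okta tenant secret key"}

# Constructed sample: the SSO extension template from the page, left unedited.
SAMPLE_TEMPLATE = """<plist version="1.0"><dict>
<key>OktaVerify.UDID</key><string>$UDID</string>
<key>managementHint</key><string>Okta Tenant Secret Key</string>
</dict></plist>"""


def load_config(text):
    """Parse a full plist or the bare <dict> fragment pasted into App Configuration."""
    body = text.strip()
    if not body.startswith(("<?xml", "<plist")):
        body = '<plist version="1.0">' + body + "</plist>"
    data = plistlib.loads(body.encode("utf-8"), fmt=plistlib.FMT_XML)
    if not isinstance(data, dict):
        raise ValueError("top-level element must be a <dict>")
    return data


def lint_config(text):
    """Return a list of problems; an empty list means the checks passed."""
    try:
        cfg = load_config(text)
    except (ValueError, ExpatError) as exc:
        return [f"not a valid plist: {exc}"]
    problems = []
    by_lower = {k.lower(): k for k in cfg}
    for key in REQUIRED_KEYS:
        if key not in cfg:
            near = by_lower.get(key.lower())
            problems.append(f"wrong case: '{near}' should be '{key}'" if near
                            else f"missing key: '{key}'")
    hint = cfg.get("managementHint")
    if hint is not None and (not isinstance(hint, str) or not hint.strip()):
        problems.append("managementHint must be a non-empty string")
    elif isinstance(hint, str) and hint.strip().lower() in PLACEHOLDERS:
        problems.append("managementHint still holds the template placeholder")
    if "OktaVerify.UDID" in cfg and cfg["OktaVerify.UDID"] != "$UDID":
        problems.append("OktaVerify.UDID differs from the page's $UDID value")
    return problems
```

Calling lint_config(SAMPLE_TEMPLATE) reports the unreplaced placeholder; run it on the file locally so that the real secret key is not copied into tickets or chat.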

VMware

Android

To add, assign, and manage Okta Verify with Workspace ONE UEM, follow the procedures described in this Workspace ONE UEM documentation:

Add Assignments and Exclusions to your Android Applications

Configure the following settings:

iOS

In Add Application:

  • Platform: Apple iOS
  • Source: Search App Store
  • Name: Enter the name of the app. A search finds the app after you click Next.
  • Details: Keep the defaults, and then click Save & Assign

In Assignment:

  • Distribution:
    • Name: Enter a name.
    • Assignment Groups: Specify one or more groups.
    • App Delivery Method: Auto
  • Restrictions:
    • Make App MDM Managed if User Installed: Enable
  • Application Configuration:
    • Managed Access: Enable
    • Send Configuration: Enable
    • Click +Add and configure settings:
      • Configuration Key: managementHint

        Value Type: String

        Configuration Value: Enter the Secret Key that you generated in the previous procedure STEP 2 – Enable Management Attestation for your org.

      • For more configuration settings, see Okta Verify configurations for iOS devices.

Microsoft Intune

Android

To manage Okta Verify with Microsoft Intune for Android devices, perform the procedures as described in the Microsoft Intune document Add app configuration policies for managed Android Enterprise devices.

  • Device enrollment type: Managed devices
  • Associated App: Okta Verify
  • Configuration settings format: Use configuration designer
  • Username (string): Enter your username for your Okta org

Next steps (mandatory)

Configure an SSO extension on iOS devices