Integrate Okta with your MDM software

Configure your Mobile Device Management (MDM) software to manage Okta Verify and to install it on user devices.

Before you begin

Make sure that your MDM software supports managed app configuration. For best results, integrate with MDM software that supports these features:

  • Use the managed app configuration to configure the key-value pair.
  • Set Okta Verify to install on user devices silently and automatically when they enroll in your chosen MDM software.

If you're configuring your MDM software to deploy Okta Verify to Android devices, make sure that Okta Verify is installed in the work profile of the device.

Start this task

This section provides high-level integration instructions for MDM software and configuration tips for some MDM software solutions. For detailed instructions, see the documentation provided by your MDM software solution.

  1. Configure your MDM software to manage Okta Verify and to install it on end user devices.

  2. Set the Team Identifier to B7F62B65BN.

  3. Configure the key-value pair by using your MDM software's managed app configuration as described in its documentation:

    The key-value pair is case-sensitive.

MDM configuration

Use the following information to configure the key-value pairs in your MDM software. As MDM configurations can change, Okta recommends that you always consult the latest documentation for your MDM software solution. The following sections cover configuration settings for some of the most common MDM solutions.

Jamf Pro for iOS

Configure the Okta Verify distribution:

  1. On the Devices tab on your Jamf Pro dashboard, click Mobile Device Apps and then click + New.
  2. Select App store app or apps purchased in volume and then click Next.
  3. Search for Okta Verify. Select the iPhone & iPod touch apps tab, and then click Add beside the Okta Verify app.
  4. On the General tab of the New Mobile Device App page, select the Convert unmanaged app to managed option. Ignore the rest of the settings and click Save.
  5. Click the Scope tab, and then click Edit. Define the users or groups that you want to deploy to, and then click Save.
  6. Select the App Configuration tab. Copy the following code and paste it into Jamf Pro. Update the information with your secret key:

    <dict>
    <key>OktaVerify.UDID</key>
    <string>$UDID</string>
    <key>managementHint</key>
    <string>{Your-Okta-Secret-Key}</string>
    </dict>

Configure the SSO Extension:

  1. On the Devices tab on your Jamf Pro dashboard, click Configuration Profiles.

  2. Enter a name for the new profile.

  3. In the side bar, scroll down and click Single Sign-On Extensions. Click + Add. Configure the following settings:

    1. Payload Type: SSO

    2. Extension Identifier: com.okta.mobile.auth-service-extension

    3. Sign-on Type: Credential

    4. Realm: Okta Device

    5. Hosts: Enter your Okta org domain without the protocol prefix, for example yourorg.okta.com.

    6. Custom Configuration: Copy the following code snippet into a .plist file on your computer to upload into Jamf Pro. Update the information with your secret key:

      <plist version="1.0">
      <dict>
      <key>OktaVerify.UDID</key>
      <string>$UDID</string>
      <key>managementHint</key>
      <string>{Your-Okta-Secret-Key}</string>
      </dict>
      </plist>
    7. Click Save.
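The two Jamf Pro snippets above invite two mistakes: a key typed in the wrong case, and the {Your-Okta-Secret-Key} placeholder left in place. The following lint check catches both before upload. It is an added example, not Okta or Jamf code. The names lint_okta_verify_config and SAMPLE are assumptions made for illustration, and the check expects the $UDID value only because the snippets above use it.

```python
import plistlib

# Key names exactly as they appear in the Jamf Pro snippets on this page.
EXPECTED_KEYS = ("OktaVerify.UDID", "managementHint")

# Constructed sample: the page's App Configuration template, pasted unedited.
SAMPLE = ("<dict><key>OktaVerify.UDID</key><string>$UDID</string>"
          "<key>managementHint</key><string>{Your-Okta-Secret-Key}</string></dict>")


def lint_okta_verify_config(text):
    """Return a list of problems in a managed app configuration.

    Accepts the bare <dict> fragment or a full <plist> document.
    The secret value is never echoed in a finding.
    """
    body = text.strip()
    if not body.startswith(("<?xml", "<plist")):
        body = '<plist version="1.0">' + body + "</plist>"
    try:
        config = plistlib.loads(body.encode("utf-8"), fmt=plistlib.FMT_XML)
    except Exception as exc:  # malformed XML or an element plist does not allow
        return [f"not a valid plist: {type(exc).__name__}"]
    if not isinstance(config, dict):
        return ["top-level element must be <dict>"]

    problems = []
    by_lower = {k.lower(): k for k in config}
    for key in EXPECTED_KEYS:
        if key in config:
            continue
        near = by_lower.get(key.lower())  # same name, different case
        if near:
            problems.append(f"key '{near}' has wrong case, expected '{key}'")
        else:
            problems.append(f"missing key '{key}'")

    hint = config.get("managementHint")
    if hint is not None:
        if not isinstance(hint, str) or not hint.strip():
            problems.append("managementHint must be a non-empty <string>")
        elif hint.startswith("{") and hint.endswith("}"):
            problems.append("managementHint still holds the template placeholder")
        elif hint != hint.strip():
            problems.append("managementHint has leading or trailing whitespace")
    udid = config.get("OktaVerify.UDID")
    if udid is not None and udid != "$UDID":
        problems.append("OktaVerify.UDID should be the $UDID variable")
    return problems
```

An empty list means the configuration matches the snippets; run it on the file you are about to upload rather than on a copy that has passed through chat or a ticket, since the file contains the secret key.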

Workspace ONE for Android

To add, assign, and manage Okta Verify, follow the procedures in the Workspace ONE topic Add assignments and exclusions to your Android applications, with the following settings:

  • App Delivery Method: Automatic
  • Managed Access: Enable

For other configuration settings, see Okta Verify configurations for Android devices.

Workspace ONE for iOS

Configure the Add Application section:

  • Platform: Apple iOS

  • Source: Search App Store

  • Name: Enter the name of the app. After you click Next, the search finds the app.

  • Details: Keep the defaults, and then click Save & Assign.

Configure the Assignment section:

  • Distribution

    • Name: Enter a name.

    • Assignment Groups: Specify one or more groups.

    • App Delivery Method: Auto

  • Restrictions

    • Make App MDM Managed if User Installed: Enable

  • Application Configuration

    • Managed Access: Enable

    • Send Configuration: Enable

    • Click +Add and configure the following settings:

      • Configuration Key: managementHint

        Value Type: String

        Configuration Value: Enter the Secret Key that you generated for your org.

For other configuration settings, see Okta Verify configurations for iOS devices.

Microsoft Intune for Android

Follow the procedures in the Microsoft Intune topic Add app configuration policies for managed Android Enterprise devices, with the following settings:

  • Device enrollment type: Managed devices
  • Associated App: Okta Verify
  • Configuration settings format: Use configuration designer
  • Username (string): Enter your username for your Okta org.

Next steps

Configure an SSO extension on iOS devices