Configure management attestation for desktop devices
Complete these tasks in the order presented to configure management attestation for desktop devices. The table lists both mandatory and recommended tasks.
| Task | Description |
|---|---|
| | Use Okta as a certificate authority (CA): Provide your own certificate authority (CA): See Use your own certificate authority for managed devices. A user or device may be displayed as unmanaged after deployment of the SCEP certificate. This value is updated after the user has successfully authenticated and signed in with Okta FastPass. |
| Add an authentication policy rule for desktop | Create policies to manage access to apps based on criteria you specify in the policy rules. You must enable Okta FastPass. Optionally, you can configure policies to remove password-based authentication. |
| Configure an SSO extension on managed macOS devices | macOS only. If you are setting up passwordless authentication for macOS users, configure the Credential SSO extension to forward requests from a browser or app to Okta Verify, so that end users on managed macOS devices have a seamless single sign-on experience. |
| | macOS only. Deploy Okta Verify to end-user devices using your device management solution. |
| | Windows only. Deploy Okta Verify to end-user devices using your device management solution or Microsoft Endpoint Manager (MEM). |
| (Optional) Let users skip the Open Okta Verify prompt | Provide a check box that lets end users stop being shown the Open Okta Verify prompt. |
| (Optional) Endpoint security integrations | You can integrate Okta Verify with your organization's Endpoint Detection and Response (EDR) solution. EDR integration extends device posture evaluation by enabling Okta Verify to capture signals collected by your EDR client running on the same device. |
| (Optional) Managed app configurations | macOS only. You can remotely configure Okta Verify by deploying managed app configurations through your device management solution. |