Use Okta as a CA for Device Access

There are three different ways to configure Okta as a Certificate Authority (CA) for Okta Device Access:

• Okta as a CA with static SCEP

• Okta as a CA with dynamic SCEP

• Okta as a CA with delegated SCEP

The configuration of each certificate follows the same processes as configuring Okta as a CA for device management.

While following the configuration process, make the following two minor changes to allow the CA to be used specifically for Device Access:

1. In the Admin Console, go to SecurityDevice integrations.

   Select the Device Access tab instead of the Endpoint management tab.

2. When creating the SCEP profile in your MDM, set the Level of the SCEP profile to Computer Level instead of User Level.

Follow the appropriate process for your org and device operating systems:

Platform	Task
macOS	Configure Okta as a CA with static SCEP challenge for macOS with Jamf Pro Configure Okta as a CA with dynamic SCEP challenge for macOS with Jamf Pro Configure Okta as a CA with delegated SCEP challenge for macOS with MEM
Windows	Configure Okta as a CA with static SCEP challenge for Windows using Workspace ONE Configure Okta as a CA with delegated SCEP challenge for Windows with MEM

Next step

Verify certificate deployments