Deploy Desktop MFA to your endpoints

Use your MDM solution to deploy the Okta Verify package that you downloaded from the Admin Console to your Windows endpoints.

Okta Verify updates automatically when new releases are available. See Okta Verify for Windows release notes.

For more details, see Add a Windows line-of-business app to Microsoft Intune in the Microsoft documentation.

Procedure

To enable online MFA methods, call the Okta Verify setup executable with these command-line parameters:

ORGURL: The URL of your Okta org.
CLIENTID: This is the client ID that you saved from the General tab of the Desktop MFA app. See Create and configure the Desktop MFA app integration.
CLIENTSECRET: This is the client secret that you saved from the General tab of the Desktop MFA app. See Create and configure the Desktop MFA app integration.
SKU: SKU=ALL

If Okta Verify is installed with SKU=ALL, then the Windows Credential Provider is hidden when the user signs in.

You can use Windows command-line options to adjust the parameters of your installation. For example, to run the installer in quiet mode, add the /q option. This hides the interface during installation. The end user doesn't receive prompts or messages, and can't cancel the installation.

Example

OktaVerifySetup--x.x.x.x-yyyyyyy.exe SKU=ALL ORGURL=https://customerorg.oktapreview.com CLIENTID=xxxxxxxx CLIENTSECRET=xxxxxxxx

Next steps

Configure access policies

Enable self-service password reset

Windows Desktop MFA user experience

Support your users