Silently enroll the Okta Privileged Access client

Silent enrollment allows you to automate the enrollment process and add multiple clients to Okta Privileged Access at the same time. This process saves time when deploying a Okta Privileged Access client across an organization. Many Okta Privileged Access teams use device management software like JAMF or SCCM to automate the process of installing and enrolling the client. The specifics of this process depend on the organizational requirements for each team.

Start the task

  1. Install the Okta Privileged Access client on all devices.
    See Install the Okta Privileged Access client
  2. For Windows, complete these steps when installing the client for all users:
    1. Download and run the installation MSI.
    2. On the ScaleFT Setup dialog, click Advanced.
    3. Select Install for all users of this machine.
    4. If you use SCCM, set ALLUSER=1 in the script. For example, msiexec.exe /i C:\<Package Location>\ScaleFT-1.68.10.msi ALLUSERS=1 /qn.
  3. Create an enrollment token.
    1. Sign in to the Okta Privileged Access dashboard.
    2. Go to the Clients panel.
    3. Go to Enrollment Policies tab, and then click Create Client Enrollment Policy.
    4. In the Enrollment Policy Type dropdown list, select Token.
    5. Enter a Description.
    6. Click Create Client Enrollment Policy.
    7. From the policy details window, click Create Token.
    8. In the token details modal, click the clipboard Clipboard icon to copy the token secret.

      This is the only time that you see this token secret. If you fail to store the secret in a safe location, it's lost forever.

  4. Save the enrollment token secret to a file on the devices being enrolled.
  5. Enroll the clients by running the following command on each device: sft fleet enroll --token-file <path\to\enrollment-token.txt>.

Upon success, the clients are enrolled with the team.

Related topics

Use the Okta Privileged Access client