Learn how to configure the Okta Verify App Store app for Okta Device Trust
After configuring the Okta Device Trust (ODT) Integration in Kandji, the Okta Verify Library item (distributed from ABM or ASM) is used to deploy ODT to your Apple devices. After turning on ODT, required settings, configurations, and resources will be applied to this Library item and deployed automatically to devices in scope.
For macOS, the downloadable package of Okta Verify is not compatible with the ODT integration. Okta recommends deployment of Okta Verify via Apple Business Manager or Apple School Mananger.
- The Okta Verify Apple App Store app must be assigned to Kandji via Apps and Books in Apple Business Manager or Apple School Manager.
Configuring Okta Verify for ODT
- In Kandji, go to the Library.
- Find and click on the Okta Verify App Store app in the App Store Apps section. You can use the search option to narrow down the results if you have many apps in your Library.
- Assign the Library item to one or more Blueprints. If this is the first time deploying ODT, it is a good idea to deploy to a test blueprint scoped to a limited number of devices so that you can see how it functions when deployed.
- For the installation type, choose Install and continuously enforce. If Okta Verify is already installed on some devices, this process will not reinstall the app, but Kandji will take over the management of the app.
- In the Okta Device Trust section, click the to turn on ODT.
You will see a modal letting you know that Managed AppConfig for iPhone and iPad will be disabled in the library item and will be managed by the ODT integration. Click Yes, turn on Okta Device Trust to continue.
Once turned on, you will see the device families that are configured for ODT and the configured Okta domain.
What settings are deployed to devices
Once ODT is set up, enabled, and scoped to your blueprints, the following settings payloads are automatically configured and delivered to Apple devices in the scope of Okta Device Trust in Kandji.
|Dynamic SCEP challenge certificate||macOS||This is a unique Okta SCEP certificate per device. The certificate is used in the device registration process.|
|OktaVerify.EnrollmentOptions||macOS||Okta Verify |
|Okta Verify Login item||macOS||This payload adds Okta Verify as a login item on macOS and will start Okta Verify at user login.|
|Managed app config||iOS and iPadOS||This App Config contains the |
|SSO Extension payload||macOS, iOS, and iPadOS||The SSO extension forwards requests from the browser or app to Okta Verify, and users do not receive the Open Okta Verify browser prompt. Not supported on Chrome or Firefox.|