Okta Verify's desktop app is a way for users without a phone to have a way to verify their account to meet MFA requirements, or for those with phone apps to have a faster way to verify on a specific device than a phone push.
macOS
Step 1 – Download Okta Verify for Windows
In Admin Console, go to Settings → Downloads
Under End User Apps, download:
Okta Verify for Mac
Step 2 – Install Okta Verify for Mac
Install via the Device management > Applications > Okta Verify app template
Configure your Apple Multiple SCEP Policy
The Apple Multiple SCEP Policy is responsible for delivering Okta device certificates via Okta CA. Apple Multiple SCEP Policy | Help Center | Swif.ai
Name: We can write “SCEPOkta”.
Challenge, URL: Provided by User
Key Usage, Key Size, Retries, Retry Delay, Subject Arr: We can use the default
{
"name": "SCEPOkta",
"challenge": "wz--P0JZpPLP_S8w7qE6GiQSnb5vKAhWCJKYQYrxchA",
"keyUsage": 1,
"keySize": 2048,
"retries": 3,
"retryDelay": 10,
"url": "https://trial-9486882.okta.com/pki/0CE8AF5172FBF9C8B36434F4C20A67AB09809929/scep/rac23q9j7xnXCbxiO698",
"subjectArr": [
{
"key": "CN",
"value": "{{MAIL}}"
}
]
}
Windows
Step 1 – Download Okta Verify for Windows
In Admin Console, go to Settings → Downloads
Under End User Apps, download:
Okta Verify for Windows (.exe)
Step 2 – Install Okta Verify for Windows
Install via the Device management > Applications > Okta Verify app template
(Optional) Enable Okta Desktop MFA on Windows
What is Okta Desktop MFA?
Okta Desktop MFA for Windows adds a layer of security to the Windows sign-in process. It ensures that a user must prove their identity with additional factors to access their physical or virtual Windows machines.
You need to set up Desktop MFA first at Okta's portal: Configure Desktop MFA for Windows Devices with Okta SSO.
To set up Okta Desktop MFA on Windows
CLIENTID and CLIENTSECRET arguments are required for Desktop MFA deployment. They are obtained while adding integration for Okta Desktop MFA. Without these parameters, the Okta Verify App will be configured without Desktop MFA.
You can run the installer with arguments: SKU, CLIENTID, CLIENTSECRET, and ORGURL from Okta.
Here is the sample of the app template I used for the installation and configuration of Desktop MFA in JSON format:
{
"name": "Okta",
"catalogs": [
"Custom",
"Endpoint Security"
],
"version": "6.6.2.0",
"icon": "https://img.logo.dev/okta.com?token=pk_VHL5c0FDRk2K6FT8v0vHdQ",
"domain": "okta.com",
"installerItemSize": 37736928,
"applicationData": {
"display_name": "Okta",
"version": "6.6.2.0",
"check": {
"registry": {
"name": "OktaVerify-x64-6.6.2.0",
"version": "6.6.2.0"
}
},
"installer": {
"arguments": [
"/q",
"SKU=ALL",
"CLIENTID=0oazhgbczxguLUHK9697",
"CLIENTSECRET=71dkGGHz2—VHYNwqvWWFyQDSaZXNCZrGEALYr7jYМ—А0roKrQd0ZTLlm9jYBLtjR",
"ORGURL=https://trial-3832579-admin.okta.com"
],
"hash": "4e21d4c33a7684f77c75acd4d81f7495ea961bfab1bc77c4d27c503419407a42",
"location": "https://user-assets.swif.ai/custom-packages-windows/org-66d0b8ac2e00001d0080a761/Okta/715b36fb-fb8e-4602-acaf-a5f988fa11f1/OktaVerifySetup-6.6.2.0-4997fa8.exe",
"type": "exe"
},
"uninstaller": {}
},
"description": "Okta Installation",
"installedName": "Okta Verify"
}After installation on devices, device users need to :
Accept license terms
Complete the setup wizard