Configuring Okta Desktop MFA for macOS with VMware Workspace ONE
In this blog post, we will explore how to configure Okta Desktop MFA for macOS using the Okta Verify app and VMware Workspace ONE. We will also show you how to deploy the app through the VMware Workspace ONE console.
Okta Desktop MFA is an extra layer of security that adds a device access code to the macOS sign-in process, ensuring that only authorized users can access their computers and data. By using Okta Verify, you can set up an offline authentication method in addition to the MFA methods you might already be familiar with.
Configuring Okta Desktop MFA in the Okta Admin Console
To configure Okta Desktop MFA for macOS, follow these steps:
1. In the Okta Admin Console, go to Settings > Account > Embedded widget sign-in support and ensure that the Interaction Code checkbox is selected.
2. Go to Settings > Features and enable Direct Authentication.
3. In the Applications section of the console, click Browse App Catalog and search for Desktop MFA. Click Add integration.
4. On the Sign on tab, go to the Settings section and click Edit.
5. Select Okta username prefix from the Application username format dropdown menu.
6. Assign the app to relevant users or groups on the Assignments tab.
7. On the General tab, copy the Client ID and Client secret, which are generated when you create the app integration.
Preparing the Device Management Profile in VMware Workspace ONE
To deploy the Okta Verify app for macOS through VMware Workspace ONE, follow these steps:
1. Log in to your VMware Workspace ONE console and navigate to Resources > Apps.
2. Click Internal, then select Application File from the Add dropdown menu.
3. Upload the DMG file of the Okta Verify app by clicking Upload and selecting Choose File.
4. After the upload has been completed, click Continue.
5. Upload the Metadata file by clicking Upload and selecting the PLIST file from the same folder.
6. Click Save and Assign to create the device management profile.
7. Give the profile a name of your choice.
8. In the Custom Settings Payload within the Profile, add the following custom settings:
{
  "PayloadContent": {
    "com.okta.deviceaccess.servicedaemon": {
      "Forced": [
        {
          "mcx_preference_settings": {
            "DMFAClientId": "your-client-id",
            "DMFAuthenticationMethod": "your-authentication-method"
          }
        }
      ]
    }
  }
}
Customize the profile to your preferences or needs.
Ensure that the MDM profile has been successfully deployed to end-user devices before deploying the macOS Okta Verify package.
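The payload in step 8 is easy to break when it is copied from a web page: typographic quotes or a stray brace make it invalid JSON, and an unreplaced placeholder is easy to miss. The following pre-flight lint is an added example, not Okta or VMware tooling; it assumes the JSON layout and key names shown in step 8, and the function names (`make_payload`, `lint_payload`) and sample values are constructed for illustration.

```python
import json

DOMAIN = "com.okta.deviceaccess.servicedaemon"  # preference domain from step 8
REQUIRED = ("DMFAClientId", "DMFAuthenticationMethod")  # keys from step 8
SMART_TO_STRAIGHT = str.maketrans("\u201c\u201d\u2018\u2019", "\"\"''")


def make_payload(client_id, method):
    """Hypothetical helper: build the step 8 payload as JSON text."""
    settings = {"DMFAClientId": client_id, "DMFAuthenticationMethod": method}
    forced = [{"mcx_preference_settings": settings}]
    return json.dumps({"PayloadContent": {DOMAIN: {"Forced": forced}}}, indent=2)


def lint_payload(text):
    """Return a list of problems; an empty list means the payload passed."""
    problems = []
    straight = text.translate(SMART_TO_STRAIGHT)
    if straight != text:
        problems.append("typographic quotes found; JSON needs straight quotes")
    try:
        doc = json.loads(straight)
        settings = doc["PayloadContent"][DOMAIN]["Forced"][0]["mcx_preference_settings"]
        if not isinstance(settings, dict):
            raise TypeError("mcx_preference_settings is not an object")
    except json.JSONDecodeError as exc:
        return problems + [f"invalid JSON at char {exc.pos}: {exc.msg}"]
    except (KeyError, IndexError, TypeError):
        return problems + [f"missing path PayloadContent > {DOMAIN} > Forced[0] > mcx_preference_settings"]
    for key in REQUIRED:
        value = settings.get(key)
        if not isinstance(value, str) or not value.strip():
            problems.append(f"{key} is missing or empty")
        elif value.startswith("your-"):
            problems.append(f"{key} still holds the placeholder {value!r}")
    return problems


# Constructed sample: placeholders, typographic quotes and one extra brace.
AS_PASTED = make_payload("your-client-id", "your-authentication-method") \
    .replace('"', "\u201c") + " }"

if __name__ == "__main__":
    for problem in lint_payload(AS_PASTED):
        print("FAIL:", problem)
```

Run it against the exact text you paste into the Custom Settings payload; an empty result means the structure parses and both values have been filled in.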
Setting Up a Device Access Code
To set up a device access code on your macOS computer, follow these steps:
1. Start your macOS computer.
2. Enter your username and password.
3. Before you can access your desktop, the Okta Device Access setup screen appears. Click Continue.
4. Enter your Okta username and click Sign In.
5. A push notification is sent to your mobile device. Tap Yes, it’s me on your device to complete the sign in.
6. On your computer, click Continue to start the next phase of the process.
7. Scan the QR code with the Okta Verify app on your mobile device.
8. A new account called Device access code is created in your Okta Verify app.
9. Type in the device access code and press Continue.
10. After successful authentication, a final screen appears. Press Finish and you are set.
Conclusion
In this blog post, we have explored how to configure Okta Desktop MFA for macOS using the Okta Verify app and VMware Workspace ONE. We have also shown you how to deploy the app through the VMware Workspace ONE console. By setting up a device access code, you can ensure that only authorized users can access their computers and data.