EUC TECH: Enabling Single Sign-On with Okta for macOS Devices
In this blog post, we will guide you through the process of enabling single sign-on (SSO) with Okta for your macOS devices using the Desktop Password Sync feature. This feature allows users to authenticate themselves using their Okta credentials directly from the macOS login screen, providing a seamless and passwordless authentication experience.
Getting Started with Okta Desktop Password Sync
To get started, you will need to have the Okta Verify app installed on your macOS device. You can download the app from the Okta App Store. Once installed, open the app and sign in with your Okta credentials.
Configuring the Okta Verify App
Once you have signed in to the Okta Verify app, you will need to configure the app to work with your macOS device. To do this, follow these steps:
1. Go to the Okta Admin Console and search for “Desktop Password Sync” in the Catalog.
2. Click on the “Add Integration” button next to the Desktop Password Sync app.
3. Open the Desktop Password Sync app from your Applications list to configure it.
4. On the General tab, you can edit the application label or use the default one.
5. On the Sign on tab, make note of the Client ID. You will need this when creating the managed app configuration in your Workspace ONE environment.
6. Assign the app to individual users or groups on the Assignments tab. Users must be assigned the app to use Desktop Password Sync.
Preparing the Okta Verify App for Deployment
To prepare the Okta Verify app for deployment, you will need to download the Workspace ONE Admin Assistant Tool and prepare the Okta Verify app for deployment through Workspace ONE UEM. This process is covered in detail in our previous blog post, “How to Prepare the Okta Verify App for Deployment.”
Creating the SSO Extension Profile in Workspace ONE
To create the SSO extension profile in Workspace ONE, follow these steps:
1. Navigate to the Resources > Profiles & Baselines section in your Workspace ONE console.
2. Click on the “Create Profile” button and select “Extension” from the dropdown menu.
3. Give the profile a name (e.g., “Okta Verify SSO”).
4. Select “Okta Verify” as the identity provider.
5. Configure the profile to use the Client ID you noted earlier.
6. Click “Save” to save the profile.
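Before assigning the saved profile to devices, it is worth confirming that the exported profile actually carries the SSO extension payload and the Client ID noted on the Sign on tab. The following check is an added example, not code from Okta or Workspace ONE. It relies on Apple's `com.apple.extensiblesso` payload type and keys; the host name, Client ID, extension and team identifiers, the second payload and its key name are constructed placeholders.

```python
import plistlib
from urllib.parse import urlparse

SSO_PAYLOAD_TYPE = "com.apple.extensiblesso"  # Apple's Extensible SSO payload type

def _contains(value, needle):
    """Recursively search a parsed plist value for an exact string."""
    if isinstance(value, dict):
        return any(_contains(v, needle) for v in value.values())
    if isinstance(value, list):
        return any(_contains(v, needle) for v in value)
    return value == needle

def check_profile(profile_bytes, org_host, client_id):
    """Return a list of findings; an empty list means every check passed."""
    payloads = plistlib.loads(profile_bytes).get("PayloadContent", [])
    findings = []
    sso = [p for p in payloads if p.get("PayloadType") == SSO_PAYLOAD_TYPE]
    if not sso:
        findings.append("no com.apple.extensiblesso payload")
    for p in sso:
        for key in ("ExtensionIdentifier", "TeamIdentifier", "Type"):
            if not p.get(key):
                findings.append(f"missing {key}")
        if p.get("Type") == "Redirect" and not p.get("URLs"):
            findings.append("Redirect extension has no URLs")
        for url in p.get("URLs", []):
            parsed = urlparse(url)
            if parsed.scheme != "https" or parsed.hostname != org_host:
                findings.append(f"URL not on https://{org_host}: {url}")
    if not _contains(payloads, client_id):
        findings.append("client ID not present in any payload")
    return findings

def sample_profile(host="sso.example.com", client_id="0oaEXAMPLECLIENTID"):
    """Constructed profile; identifiers and key names are placeholders."""
    return plistlib.dumps({
        "PayloadType": "Configuration",
        "PayloadContent": [
            {"PayloadType": SSO_PAYLOAD_TYPE,
             "ExtensionIdentifier": "com.example.sso-extension",
             "TeamIdentifier": "EXAMPLETEAM",
             "Type": "Redirect",
             "URLs": [f"https://{host}/placeholder/nonce",
                      f"https://{host}/placeholder/token"]},
            {"PayloadType": "com.example.managed-app-config",
             "ExampleClientIdKey": client_id},
        ],
    })

if __name__ == "__main__":
    print(check_profile(sample_profile(), "sso.example.com", "0oaEXAMPLECLIENTID"))
```

To run it against a real export, pass the bytes of the profile file along with your Okta org host name and the Client ID from the Sign on tab.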
Enrolling Your macOS Device into Workspace ONE
To enroll your macOS device into Workspace ONE, follow these steps:
1. Download and install the Intelligent Hub on your macOS device.
2. Open the Intelligent Hub app and navigate to the “Enroll” tab.
3. Select “Workspace ONE” as the identity provider.
4. Authenticate with your Okta credentials using the Okta Verify app.
5. Once authenticated, the Enrollment Profile will be downloaded and installed on your device.
6. Double-click on the MDM Profile to install it.
7. Enter the username and password you created for the VM local user when prompted.
8. You should see a “Congratulations” screen indicating successful enrollment.
9. The Okta Verify app should also be installed successfully.
Registration Required Dialog Box
After successful enrollment, you will see a “Registration Required” dialog box appear upon login or soon after. To complete the registration process, follow these steps:
1. Click on the “Set up” button in the dialog box.
2. Authenticate with your Okta credentials using the Okta Verify app.
3. After successful authentication, you will see a “Your identity is verified” screen.
4. Close the browser tab.
5. You can now log out and log back in using your Okta password!
Conclusion
In this blog post, we have covered the process of enabling single sign-on with Okta for macOS devices using the Desktop Password Sync feature. We have also provided a step-by-step guide on how to configure the Okta Verify app and create the SSO extension profile in Workspace ONE. With these steps, you can now provide your users with a seamless and passwordless authentication experience.