EUC TECH: Managing iOS Devices with Workspace ONE and Okta
In today’s digital age, managing mobile devices has become an essential aspect of endpoint computing. With the increasing use of iOS devices in the workplace, it is crucial to ensure that these devices are properly managed and secured. In this blog post, we will explore how to manage iOS devices using Workspace ONE and Okta.
Before we dive into the configuration process, let’s first understand why managing iOS devices is essential. iOS devices are popular among end-users due to their ease of use and versatility. However, these devices can also pose a significant security risk if not properly managed. Unmanaged devices can lead to data breaches, unauthorized access, and other security threats. Therefore, it is crucial to ensure that all iOS devices used in the workplace are properly managed and secured.
Workspace ONE and Okta provide an ideal solution for managing iOS devices. Workspace ONE is a unified endpoint management (UEM) platform that allows IT administrators to manage and secure various endpoints, including iOS devices. Okta, on the other hand, is an identity and access management (IAM) platform that provides secure authentication and authorization. By combining these two platforms, IT administrators can create a seamless and secure experience for end-users.
To begin managing iOS devices with Workspace ONE and Okta, follow these steps:
1. Log in to your Okta Admin Console and go to Security > Device Integrations. Click the Endpoint Management tab and then click Add Platform. Select iOS as the platform and click Next.
2. Configure the management attestation by selecting Use existing key if you already have a secret key, or generate a new secret key using the default setting. Copy the provided secret key to your clipboard for later use.
3. In the Enrollment link field, enter the URL provided by Workspace ONE UEM for redirecting end-users with unenrolled devices.
4. Log in to your Workspace ONE UEM Console and navigate to the Apps section. Press the ADD APPLICATION button to add the Okta Verify application. Select Platform (Apple iOS) and enter the Application Name (Okta Verify). Press Next to continue.
5. You should see the Okta Verify app in the search results. Press SELECT on the right to add the app to your Inventory. Adjust settings as needed, such as application label, and press SAVE & ASSIGN to continue.
6. Within the Distribution menu, enter a Name, select a group (Workspace ONE Assignment Group(s)), and set the App Delivery Method to Auto.
7. In the Application Configuration menu, enable Send Configuration and click ADD to add the following configuration keys:
* Configuration Key: managementHint, Value Type: String, Configuration Value: Enter the secret key you copied from the Okta Console (management attestation configuration)
* Configuration Key: OktaVerify.OrgUrl, Value Type: String, Configuration Value: Your Okta URL (example.okta.com)
Press CREATE and SAVE your settings.
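The two configuration keys are case-sensitive strings, and a mistyped key name or a secret pasted with stray whitespace is easy to miss in the console. The following check is an added example, not part of the original post or of either vendor's tooling; it assumes you have the key/value pairs available as a plist dictionary, and the function name, sample secret and sample host are constructed for illustration.

```python
import plistlib

# Key names and value type (String) come from the steps above.
REQUIRED_KEYS = ("managementHint", "OktaVerify.OrgUrl")
PLACEHOLDER_ORG = "example.okta.com"  # placeholder host used in this post


def check_okta_verify_config(plist_bytes):
    """Return a list of problems found in a managed app configuration plist."""
    config = plistlib.loads(plist_bytes)
    problems = []
    by_lower = {k.lower(): k for k in config}
    for key in REQUIRED_KEYS:
        if key not in config:
            # Look for a wrong-case or suffixed variant of the key name.
            near = [k for low, k in by_lower.items() if low.startswith(key.lower())]
            hint = f" (found similar key {near[0]!r})" if near else ""
            problems.append(f"missing key {key!r}{hint}")
            continue
        value = config[key]
        if not isinstance(value, str):
            problems.append(f"{key!r} must be a String, got {type(value).__name__}")
        elif not value.strip():
            problems.append(f"{key!r} is empty")
        elif value != value.strip():
            problems.append(f"{key!r} has leading or trailing whitespace")
    org = config.get("OktaVerify.OrgUrl")
    if isinstance(org, str) and PLACEHOLDER_ORG in org:
        problems.append("'OktaVerify.OrgUrl' still holds the placeholder host")
    return problems


# Constructed samples; the secret and the org host are made-up values.
GOOD = plistlib.dumps({"managementHint": "CONSTRUCTED-SECRET-0001",
                       "OktaVerify.OrgUrl": "acme-corp.okta.com"})
BAD = plistlib.dumps({"managementHintValue": "CONSTRUCTED-SECRET-0001 ",
                      "OktaVerify.OrgUrl": "example.okta.com"})

if __name__ == "__main__":
    for name, blob in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_okta_verify_config(blob) or "ok")
```

Because the management hint is a shared secret, run a check like this on an admin workstation and keep the exported plist out of tickets and chat logs.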
Now, you should see the Okta Verify app in your Workspace ONE UEM Application Inventory. To enable SSO extension profiles for Okta FastPass authentication on managed iOS devices, follow these steps:
1. Navigate to RESOURCES > Profiles & Baselines > Profiles. Click ADD and select Add Profile.
2. Select Apple iOS as the platform and click Device Profile. Label the profile and navigate to the SSO Extension Payload.
3. Configure the following settings:
* Management Hint Value: Enter the secret key you copied from the Okta Console
* Okta Verify URL: Enter your Okta URL (example.okta.com)
* Save & Publish your profile.
4. Navigate to DIRECTORY > PEOPLE and select the desired user.
5. Navigate to the DEVICES section and select your device. You should now see that your device has a Management status of “Managed.”
6. To add an authentication policy rule and leverage the Device management flag, follow these steps:
* Navigate to POLICY > AUTHENTICATION > POLICIES. Click ADD POLICY.
* Select the desired user and click SAVE & ASSIGN.
By following these steps, you can successfully manage iOS devices using Workspace ONE and Okta. This solution provides a seamless and secure experience for end-users while ensuring that your organization’s data and assets are protected.