Manage endpoint security integration plugins for Windows
Endpoint security integration plugins extend the functionality of the Okta endpoint security integration feature by enabling Okta Verify to collect trust signals from the Windows device it’s running on.
You can use Microsoft Endpoint Manager (MEM) to configure the plugins on your Windows device (for example, by using PowerShell scripts). On Windows devices, the plugins are located here: %PROGRAMDATA%\Okta\OktaVerify\Plugins. This allows you to specify which device signals to collect. Currently, you can run these scripts to install and uninstall the plugins on a device-by-device basis.
- Before you begin
- Install the WSC endpoint security integration plugin
- Install the CrowdStrike endpoint security integration plugin
- Uninstall an endpoint security integration plugin
Before you begin
- Set up endpoint security integrations
- Enable Okta FastPass
- Verify that Windows devices are registered with Okta
See Device registration.
- Verify that the client versions are supported:
- Windows Okta Verify 3.0 or later
- CrowdStrike Falcon Agent 6.14 or later
Okta recommends the latest version.
See Get started with endpoint security integrations.
See Enable Okta FastPass.
Windows Security Center is not supported on Windows servers.
Install the WSC endpoint security integration plugin
By default, the Windows Security Center (WSC) plugin is installed automatically when Okta Verify is installed. If you need to reinstall the plugin later for any reason, uninstall the current version, and then use this script.
$content = "{`r`n`t`"name`": `"com.okta.windowsSecurityCenter`",`r`n`t`"description`": `"Okta provided integration collecting signals through the Windows Security Center APIs.`",`r`n`t`"type`": `"DEFAULT`",`r`n`t`"format`": `"JSON`",`r`n`t`"availabilityChecks`": [`r`n`t`t{`r`n`t`t`t`"type`": `"SERVICE_RUNNING`",`r`n`t`t`t`"value`": `"wscsvc`"`r`n`t`t}`r`n`t]`r`n}"
$path = $env:ProgramData + "\Okta\OktaVerify\Plugins\"
$filePath = $path + "com.okta.windowsSecurityCenter.json"
if (-not (Test-Path $path))
{
New-Item $path -ItemType Directory
}
$content | Out-File -FilePath $filePath
The PowerShell script configures the following JSON plugin file:
{
"name": "com.okta.windowsSecurityCenter",
"description": "Okta provided integration collecting signals through the Windows Security Center APIs.",
"type": "DEFAULT",
"format": "JSON",
"availabilityChecks": [
{
"type": "SERVICE_RUNNING",
"value": "wscsvc"
}
]
}
Install the CrowdStrike endpoint security integration plugin
The CrowdStrike plugin isn’t installed automatically when Okta Verify is installed. Based on your installation scenario, uninstall the current version if one exists, and then choose the appropriate installation procedure:
- Deploying Okta Verify to end-user Windows devices
In this case, you don't use the PowerShell script. Instead, use the command line provided by your management tool (GPO, MDM software) to include the EnableZTAPlugin flag in the installation command.
See Deploy Okta Verify to Windows devices for installation options.
- All other scenarios
- Okta Verify was installed by the end user and not by the admin through your management tool.
- You want to enable or disable functionality after Okta Verify is already installed on the device.
Use the PowerShell script. These scenarios may include:
$content = "{`r`n`t`"name`": `"com.crowdstrike.zta`",`r`n`t`"description`": `"Okta provided integration with CrowdStrike Falcon endpoint collecting the zta score.`",`r`n`t`"type`": `"FILE`",`r`n`t`"format`": `"JWT`",`r`n`t`"location`": `"%ProgramData%\\CrowdStrike\\ZeroTrustAssessment\\data.zta`",`r`n`t`"availabilityChecks`": [`r`n`t`t{`r`n`t`t`t`"type`": `"SERVICE_RUNNING`",`r`n`t`t`t`"value`": `"csagent`"`r`n`t`t}`r`n`t]`r`n}"
$path = $env:ProgramData + "\Okta\OktaVerify\Plugins\"
$filePath = $path + "com.crowdstrike.zta.json"
if (-not (Test-Path $path))
{
New-Item $path -ItemType Directory
}
[System.IO.File]::WriteAllText($filePath, $content)
The PowerShell script configures the following JSON plugin file:
{
"name": "com.crowdstrike.zta",
"description": "Okta provided integration with CrowdStrike Falcon endpoint collecting the zta score.",
"type": "FILE",
"format": "JWT",
"location": "%ProgramData%\\CrowdStrike\\ZeroTrustAssessment\\data.zta",
"availabilityChecks": [
{
"type": "SERVICE_RUNNING",
"value": "csagent"
}
]
}
Uninstall an endpoint security integration plugin
Always uninstall the current endpoint security integration plugin before installing a new version. To uninstall an endpoint security integration plugin from Windows computers for any reason, use this PowerShell script.
Replace [JSON_FILE_NAME] in the PowerShell script with the applicable JSON file:
- Windows Security Center: com.okta.windowsSecurityCenter.json
- CrowdStrike: com.crowdstrike.zta.json
$path = $env:ProgramData + "\Okta\OktaVerify\Plugins\[JSON_FILE_NAME]"
if ((Test-Path $path))
{
Remove-Item -Path $path
}