Managed app configurations for Windows devices

You can use your mobile device management (MDM) solution to deploy managed app configurations to domains. The configurations enable Okta Verify functionality. To update Okta Verify settings, redeploy the configurations.

Use the following flags and values to configure Okta Verify:

• AutoUpdateDeferredByDays

• BluetoothEnrollmentBootstrapping

• DeviceHealthOptions

• EnableZTAPlugin

• EnrollInBetaProgram

• EnrollmentOptions

• LogLevel

• OrgUrl

• ProxyPacFileLocation

• ProxyPassword

• ProxyURL

• ProxyUserName

• ReportDiagnostics

AutoUpdateDeferredByDays

Defer automatic updates by one to thirteen days past the staggered release end date. There's no value set by default.

Value: Integer from 1 through 13

BluetoothEnrollmentBootstrapping

By default (when no value is set), all users can transfer their Okta Verify accounts to a new device by using Bluetooth.

Values (strings):

Disabled: This option deactivates the feature.

Enabled: This option enables the feature if you previously disabled it.

DeviceHealthOptions

Hide the Device Health page, or hide specific health checks in Okta Verify on end-user devices. You can select multiple values. Separate the values by using a semicolon. For example, HideOSUpdate;HideDiskEncryption hides the OS update and disk encryption checks. All other device checks are shown.

If the value contains Disabled, the Device Health page isn't displayed in Okta Verify.

By default (when no value is set), all device health checks are displayed in Okta Verify on end-user devices.

Values (strings):

Disabled: Hides the device health page and badge.

HideOSUpdate: Hides the OS version check.

HideDiskEncryption: Hides the disk encryption check.

HideBiometrics: Hides the biometrics check.

EnableZTAPlugin

Configure whether the CrowdStrike endpoint detection and response (EDR) manifest file is deployed to devices during Okta Verify installation. See Manage endpoint security integration plugins for Windows.

Values (boolean):

TRUE: The manifest file is deployed to devices during Okta Verify installation.

FALSE: Default. The manifest file isn't deployed to devices during Okta Verify installation.

EnrollInBetaProgram

Configure whether users can enroll in the Okta Verify beta program on their Windows devices.

By default (when no value is set), users aren't enrolled in the beta program. To enroll, users open Okta Verify and select Join our beta program on the Settings page.

Values (boolean):

TRUE: Users are enrolled in the beta program.

FALSE: Users aren't enrolled in the beta program and can't enroll by selecting Join our beta program on the Okta Verify Settings page.

EnrollmentOptions

Configure whether end users are prompted to enroll in Okta Verify. You can reduce the number of user prompts or control the rollout of Okta Verify and Okta FastPass in your org.

Values (strings):

SilentEnrollmentDisabled: Default. Users are prompted to add an Okta Verify account only if they click Sign in with Okta Verify.

Enabled: Users are prompted to add an account during any Okta FastPass authentication, including flows which don't require user interaction.

Disabled: Users are never prompted to enroll in Okta Verify unless they open the app and click Add an account.

LogLevel

Configure the log level for the event viewer.

Values (strings):

None

Critical

Error

Warning: Default

Info

Debug

OrgUrl

When you configure this flag, the org URL is included on the user's enrollment page and automatically deploys updates to Okta Verify when available. See Deploy Okta Verify to Windows devices.

There's no value set by default.

Value (string): <fully-qualified_domain_name> or <org_sign-in_URL>

ProxyPacFileLocation

Configure the PAC file path for the proxy server. When you set the PAC file location, the AutoUpdate service is updated (C:\Program Files\Okta\UpdateService\Okta.Coordinator.Service.exe.config).

There's no value set by default.

Value (string): <PAC_file_path>

Proxy settings can be configured at installation time using a ProxyURL or ProxyPacLocation argument, depending on the customer's proxy setting. For example, OktaVerifySetup-X.X.X.X-YYYYYYY.exe ProxyPacLocation=<pac-file-location>.

A configuration is created:

<appSettings>
<system.net>
<defaultProxy>
<proxy scriptLocation="PacFileLocation>"/>
</defaultProxy>
</system.net>

ProxyPassword

Configure the password for the authentication proxy server.

If you use spaces, enclose the password with double quotes (""). The password is encrypted before it’s stored in the service configuration file. The password is decrypted by the value set in the ProxyPasswordEntropy flag.

If you use this flag, the ProxyURL and ProxyUsername flags are also required.

There's no value set by default.

Value (string): <password>

For example, GhKan2a_ya12

ProxyURL

Configure the URL and port for the proxy server that are used to access the AutoUpdate Service (C:\Program Files\Okta\UpdateService\Okta.Coordinator.Service.exe.config).

If you use this flag, the ProxyUsername and ProxyPassword flags are also required.

There's no value set by default.

Value (string): <URL>:<Port>

For example, https://example.com:2035

During installation: OktaVerifySetup-X.X.X.X-YYYYYYY.exe ProxyURL=https://proxy.sample.com:3888

A configuration is created:

<appSettings>
<system.net>
<defaultProxy>
<proxy proxyaddress="<url>:<port>"/>
</defaultProxy>
</system.net>

ProxyUserName

Configure the username for the authentication proxy server.

If you use this flag, the ProxyURL and ProxyPassword flags are also required.

There's no value set by default.

Value (string): <username>

For example, proxyUsername

The Okta.Coordinator.Service.exe.config file is updated:

<appSettings>
<!--Possible values None, Critical, Error, Warning, Info, Debug -->

<add key="LogLevel" value="Info" />
<add key="ProxyUrl" value="https://test.com:6545" />
<add key="ProxyUsername" value="TestUserName" />
<add key="ProxyPassword" value="AQAAANCMnd8BFdERjHoAwE/Cl+sB
AAAAiDxe77U1Gk21ZcuZJjmUmAQAAAACAAAAAAAQZgAAAAEAACAAAADo1
s0yrCoIJ15t/iYstL2KDeemboTZ8+RaAac4447v6QAAAAAOgAAAAAIAAC
AAAAAAYMeKTNHpXHKSZIvCahkJJxcvIizIaIKpLm0gARhfNyAAAAC09
RRn7psZmzbuTO+e4HSRjOKeRr3o5KyLGPgV2Jb8+UAAAADtR/AHye/4L
vhhLOf0MGY5IlYaMse87Li7GojQCEOMqdlFpUA3OLL9i/uQLMAx3enyn/gk
8a0euEl3l4MmE4zb"/>
<add key="ProxyPasswordEntropy" value="83928a31-c7c1-449e-8b68-b59a4063f877" />
</appSettings>

ReportDiagnostics

Configure whether crash reports are sent to your diagnostics reporting tool (for example, AppCenter).

Value (boolean):

TRUE: Default. Crash reports are sent.

FALSE: Crash reports aren't sent.