Deploy Desktop MFA for Windows to your endpoints
Early Access release. See Manage Early Access and Beta features.
Use your MDM solution to deploy the Okta Verify installation file to your Windows endpoints. For more details, see Add a Windows line-of-business app to Microsoft Intune in the Microsoft documentation.
To enable online MFA methods, use these command-line parameters:
-
ORGURL: Okta org URL.
-
CLIENTID: This is the client ID that you saved on the Desktop MFA app integration General tab. See Create and configure the Desktop MFA app integration.
-
CLIENTSECRET: This is the client secret that you saved on the Desktop MFA app integration General tab. See Create and configure the Desktop MFA app integration.
-
SKU: SKU=ALL
Example: OktaVerifySetup--x.x.x.x-yyyyyyy.exe SKU=ALL ORGURL=https://customerorg.oktapreview.com/ CLIENTID=xxxxxxxx CLIENTSECRET=xxxxxxxx
When Okta Verify is installed with SKU=ALL, the Windows Credential Provider is hidden during user sign in.
You can use Windows command-line options to adjust the parameters of your installation. For example, add /q to run the installer in quiet mode. This hides the interface during installation. The end user doesn't receive prompts or messages, and can't cancel the installation.
After the installation, notify end users about the upcoming changes to their sign-in experience:
-
They're prompted to enroll one or more offline authentication factors when their device is checked against the policies configured in the next step.
-
They must have the latest version of Okta Verify installed for iOS and Android devices.
-
If they sign in to Windows with Okta Verify push notifications, number challenge isn't supported.
-
Okta FastPass and WebAuthn aren't supported as sign-in methods.
Okta Verify updates automatically when new releases are available. See Okta Verify for Windows release notes for the latest features, improvements, and fixes.