Using Okta Verify as an Enrollment SSO app with Jamf Pro requires the configuration of multiple items within Jamf Pro, including Single Sign-On settings, a managed app configuration for the Okta Verify app, and a configuration profile with a Single Sign-on Extension payload configured.
Requirements
Okta as an identity provider
Okta FastPass authentication enabled for your Jamf Pro app in the Okta dashboard. For details, see Okta FastPass from Okta.
Note:
End users will be guided to set up and register within the Okta Verify app if they select the Sign in with Okta FastPass option when authenticating with Jamf Pro during enrollment. If the user signs in to Okta without selecting Okta FastPass, the Okta Verify app can be set up by the user later, after the device enrolls with Jamf Pro.
In Jamf Pro, click Settings
in the sidebar.
In the System section, click Single
sign-on
.
Select the Enable Single Sign-On for Account-Driven Enrollment checkbox.
Enter the host URL found in your Okta dashboard in the URL field.
Enter the Management Hint found in your Okta dashboard in the Management Hint field.
(Optional) Specify a user group.
Click Save .
In Jamf Pro, click Devices in the sidebar.
Click Mobile Device Apps in the sidebar.
Click New.
Select App Store app or apps purchased in volume and click Next.
Do one of the following:
To add the app by browsing the App Store or apps purchased in volume, enter Okta Verify, choose an App Store country and click Next. Then click Add.
To add the app by uploading a VPP code spreadsheet, click Choose File and upload the Excel spreadsheet (.xls) that contains VPP codes for the app.
To add the app by manually entering information about it, click Enter Manually.
Use the General tab to configure basic settings for the app and select "Install Automatically" from the Distribution Method pop-up menu.
Click the App Configuration tab. Copy and paste the following PLIST into the Preferences field.