Demo video of Okta Device Trust integrated with Intune for Windows 10. It shows a new, unmanaged Windows 10 device being taken out of the box, Azure joined and enrolled into Intune, with the device trust certificates and Okta Verify installed automatically.

Back-end setup:

  • Okta Identity Engine tenant
  • Intune
  • Intune added as MDM provider within Okta leveraging Okta CA with Intune profiles – Documentation
  • Okta Verify added to Intune – .msi downloaded from the Okta administrator console and uploaded as a line-of-business app in Intune
  • O365 dev tenant federated to Okta
  • Dev Salesforce added to Okta
  • Okta App level policy added to Salesforce – Registered/Managed devices only

Flow:

  • New Windows 10 machine – signed in with Azure username (provisioned with Okta)
  • User then prompted to authenticate with Okta
  • Machine runs through default setup questions
  • User then prompted to set up Windows Hello
  • User prompted to set up a PIN
  • Okta Verify then prompts to install automatically – pushed from Intune
  • User then opens Edge and navigates to Okta
  • User then clicks FastPass
  • Accepts prompt to open Verify
  • User runs through Verify registration
  • Registers with username and password
  • Prompted for additional factor
  • Accepts MFA prompt
  • Prompted to enable Windows Hello in Okta Verify
  • Registration complete
  • Navigates back to Okta and opens the secure app (Salesforce)
  • Verify loads automatically and prompts for Windows Hello
  • Authentication complete.