Managed devices should be attested by Okta in order to provision the SSO extension with Okta and Okta Device Trust. In the case of macOS devices, attestation is achieved by Mobile Device Manager Plus distributing management attestation certificates to the device through SCEP.
To obtain device attestation for macOS devices, management attestation certificates are deployed to the device. First, an SCEP URL and Secret key must be generated in Okta by the administrator or technician; these are then used to create a Certificate Server and Template in the MDM console. The next step is to generate an SCEP profile using the Certificate Template and associate it with the device. After that, to get the device attested, the Okta Verify app has to be distributed to the devices, and the user should set up their account and log in once with their organization credentials.
Follow the detailed steps specified below to configure Okta Device Trust for macOS devices:
First, generate an SCEP URL and Secret key in Okta by following the steps provided below:
After generating an SCEP URL and Secret key in Okta, a Certificate Server and Template should be created in the MDM console. To do this, follow the steps provided below:
Next, create an SCEP profile to distribute to your managed devices. For that:
Now the SCEP profile should be associated with the devices by following the steps specified below:
Once the SCEP profile has been associated with the devices, the Okta Verify app should be distributed to the devices.
For macOS, the app can be added using ABM Server tokens or using the Apple Playstore in the MDM App repository.
Finally, for the device(s) to attain the attested status, the user should set up Okta Verify with their user credentials and log in to any org-allotted app at least once.