Category Filter

Okta integration with Hexnode MDM

Hexnode is an MDM solution used to securely manage, monitor and control BYOD and corporate-owned – desktops, laptops, smartphones, ruggedized devices and IoT devices from a single management console.

Hexnode’s integration with Okta, a cloud-based SSO platform, further simplifies device enrollment. With this integration, Okta users will get directly imported to Hexnode. With the Hexnode – Okta integration, you can enroll your iOS, Android, Windows, and macOS devices with ease.

Okta is an access management platform with features including single sign-on, multi-factor authentication, life cycle management, API access management, and many more.

Benefits of Okta integration

The main benefits of Okta integration include:

Prerequisites:

  • Okta subscription.

Okta domain services hold all directory information and take care of all the interactions between the users and the domain. With Hexnode, you can configure multiple Okta domains in a single console.

Hexnode uses the OAuth authentication method to enroll devices of Okta users. Since OAuth is employed, Okta itself confirms the validity of the entered credentials. So, passwords from Okta doesn’t have to be transferred to Hexnode.

Configure Okta in Hexnode MDM

Follow the procedure to configure Okta in Hexnode to import users and groups from Okta.

  1. Sign in to your Hexnode MDM portal.
  2. Navigate to Admin > Okta.
  3. Enter your Okta domain name and Token.
    Warning:


    Take extra caution while entering the Okta domain name. It should be of the format: portal name.okta.com and not portal name-admin.okta.com. If it is the latter, user & group sync and the directory integration will be successful, but self-enrollment by the users will be blocked.

  4. Enable Allow self-enroll to allow users to enroll in Hexnode with their Okta credentials.
  5. Choose how often you want to sync Okta with Hexnode. Select the sync time and the sync frequency.
  6. Click on Save.

API Token in Okta

To configure Okta in Hexnode, you have to create a token in Okta.

  1. Log in to your Okta account.
  2. Go to Security > API >Tokens.
  3. Click on Create Token.
  4. Enter a token name and click on Create Token.
  5. Copy and save the created token in a secure place.


Users and user groups will be imported to the Hexnode portal. Go to Manage > Users/User Groups to see the imported list of users and groups.

Remote Actions on Domain

Once the domain is configured, you can perform the following actions on the domain,

  • Sync Now – To manually sync Okta with Hexnode.
  • Reconfigure Hexnode Identity – If reconfigured, the Hexnode Identity app in Okta will return to its default settings and all the Okta users will get assigned to the Identity app. Reconfiguring the app has no effect on the sync process.
  • Disable/Enable Self-enroll – Disable/Enable users to enroll with their Okta credentials.
  • Delete Domain – Deleting a domain will remove all the users and groups associated with the domain from the Hexnode portal. You can either disenroll all the devices assigned to the Okta domain users or you can assign the enrolled devices to new users before deleting a domain.

remote actions for Okta

Hexnode Identity App

Hexnode Identity app is the OAuth app that gets automatically created in the Okta when the domain is added in Hexnode. To view the app, navigate to Applications on your Okta portal and search for “Hexnode Identity – {portal name}.hexnodemdm.com”.
Hexnode Agent app in Okta portal

Assign the Hexnode Identity app to the users whose devices you want to enroll in Hexnode via Okta authentication. By default, all users in the Okta domain (the group ‘Everyone’) will be assigned to the Identity app. If you want to restrict certain users from enrolling their devices in Hexnode, remove their Identity app assignments.

Unassigning users from the Hexnode Identity app restricts their Okta authenticated enrollment. They can still enroll their devices in Hexnode via open enrollment.

Note:


Since the Hexnode Identity app is assigned to a group by default, individual user assignments cannot be removed. You have to first remove the group assignment and then re-assign the app to the required users or groups.


All users and groups in Okta will be synced to Hexnode, regardless of the app configuration. Changing the Identity app user assignments will have no effect on the sync process.
Warning:

  • Changing the Hexnode Identity app settings (except the user assignments) may disrupt the Okta authenticated enrollment.
  • An Okta user on a provisioned state will not be synced to Hexnode. Activate user to add them in Hexnode.

Configure Multiple Domain

Hexnode lets users configure multiple Okta domain in the MDM console. So, even if your organization is using more than one domain, you can manage all its users from a single management console.

To configure multiple Okta accounts in Hexnode,

  1. Go to Admin > Okta.
  2. Click on the + button to Add new server.
  3. Follow the same procedure to complete the configuration.

Add multiple Okta domain in Hexnode