Category filter

Okta integration with Hexnode UEM

Hexnode is a mobility management platform that enables IT admins to manage and monitor a multitude of devices from a centralized platform. It also provides the workforce seamless and secure access to the corporate networks and apps on their deployed endpoints. Apart from the device management capabilities, Hexnode also delivers enterprise-grade app, content, and kiosk management through the unified device management console.

Hexnode’s integration with Okta, a cloud-based identity and access management solution, further simplifies the device enrollment and user management operations in the UEM console. The collaboration syncs the user and group inventory of your organization’s Okta account to Hexnode, facilitating the automatic creation of user accounts. Moreover, Okta’s integration ensures users reliable and secure access to applications with single sign-on, multi-factor authentication, and more.

This guide provides step-by-step instructions to easily integrate Hexnode with Okta.

Okta integration with Hexnode MDM

What is Okta?

Okta is a cloud-based identity and access management provider. Their solutions include Single Sign-On (SSO), Multi-factor authentication, lifecycle management, API access management, and others.

With the Hexnode-Okta integration, you can accomplish elevated standards of device management and security by leveraging the features of the robust identity and access management solution with Hexnode.

What are the benefits of Hexnode’s integration with Okta?

The main use cases of Okta integration include enabling Hexnode login using Okta authentication, syncing users and groups from Okta domain to Hexnode console, easy enrollment of iOS, Android, Windows and macOS devices with Okta authentication, and more.

Prerequisite:

  • Your organization should have an Okta subscription.

API Token in Okta

To configure Okta in Hexnode, you have to create a token in Okta.

  1. Log in to your Okta account.
  2. Go to Security > API >Tokens.
  3. Click on Create Token.
  4. Enter a token name and click on Create Token.
  5. Copy and save the created token in a secure place.

Note:


To generate an API token for integrating Okta with the Hexnode portal, the user needs to have administrator privileges in Okta portal.
To reconfigure Hexnode for already configured Okta, the user must have one of the following privileges:

  • Super Admin
  • API Access Management Administrator
  • Application Administrator


Users and user groups will be imported to the Hexnode portal. Go to Manage > Users/User Groups to see the imported list of users and groups.

Configure Okta in Hexnode UEM

Note:


Okta integration is supported only on Ultimate and Ultra pricing plans.

Follow the procedure to configure Okta with Hexnode to import users and groups from Okta.

  1. Sign in to your Hexnode MDM portal.
  2. Navigate to Admin > Okta.
  3. Enter your Okta domain name and API Token.
    Warning:


    Take extra caution while entering the Okta domain name. It should be of the format: portal name.okta.com and not portal name-admin.okta.com. If it is the latter, user & group sync and the directory integration will be successful, but self-enrollment by the users will be blocked.

  4. Enable Allow self-enroll to allow users to enroll in Hexnode with their Okta credentials.
  5. Choose how often you want to sync Okta with Hexnode. Select the sync time and the sync frequency.
  6. Click on Save.

Remote Actions on Domain

Once the domain is configured, you can perform the following actions on the domain,

  • Sync Now – To manually sync Okta with Hexnode.
  • Reconfigure Hexnode Identity – If reconfigured, the Hexnode Identity app in Okta will return to its default settings, and all the Okta users will get assigned to the Identity app. Reconfiguring the app has no effect on the sync process.
  • Disable/Enable Self-enroll – Disable/Enable users to enroll with their Okta credentials.
  • Delete Domain – Deleting a domain will remove all the users and groups associated with the domain from the Hexnode portal. You can either disenroll all the devices assigned to the Okta domain users, or you can assign the enrolled devices to new users before deleting a domain.

remote actions for Okta

Hexnode Identity App

Hexnode Identity app is the OAuth app that gets automatically created in the Okta when the domain is added in Hexnode. To view the app, navigate to Applications on your Okta portal and search for “Hexnode Identity – {portal name}.hexnodemdm.com”.
Hexnode Agent app in Okta portal

Assign the Hexnode Identity app to the users whose devices you want to enroll in Hexnode via Okta authentication. By default, all users in the Okta domain (the group ‘Everyone’) will be assigned to the Identity app. If you want to restrict certain users from enrolling their devices in Hexnode, remove their Identity app assignments.

Unassigning users from the Hexnode Identity app restricts their Okta authenticated enrollment. They can still enroll their devices in Hexnode via open enrollment.

Note:


Since the Hexnode Identity app is assigned to a group by default, individual user assignments cannot be removed. You have to first remove the group assignment and then re-assign the app to the required users or groups. This can be done by navigating to Applications, clicking on the respective Identity application and then moving to Assignments > Groups and then removing the corresponding group assignment. Now, you can assign to individual users or groups by clicking on the Assign button.

Warning:

  • All users and groups in Okta will be synced to Hexnode, regardless of the app configuration. Changing the Identity app user assignments will have no effect on the sync process. For instance, if there are 10 users in the Okta domain, all the 10 users will be displayed in the Hexnode portal even if the Hexnode Identity app is assigned to only two users.
  • Changing the Hexnode Identity app settings (except the user assignments) may disrupt the Okta authenticated enrollment.
  • An Okta user on a provisioned state will not be synced to Hexnode. Activate the user to add them to Hexnode.

Configure Multiple Domain

Hexnode lets users configure multiple Okta domains in the MDM console. So, even if your organization is using more than one domain, you can manage all its users from a single management console.

To configure multiple Okta accounts in Hexnode,

  1. Go to Admin > Okta.
  2. Click on the + button to Add new server.
  3. Follow the same procedure to complete the configuration.

Add multiple Okta domain in Hexnode

Enroll devices via Okta authentication

Hexnode uses the OAuth authentication method to enroll devices of Okta users. Since OAuth is employed, Okta itself confirms the validity of the entered credentials. So, passwords from Okta don’t have to be transferred to Hexnode.

Hexnode supports the enrollment of iOS, Android, Windows and macOS devices using Okta authentication.

  • Hexnode Integrations