Okta integration with Hexnode MDM

Hexnode is a mobility management platform that enables IT admins to manage and monitor a multitude of devices from a centralized platform. It also gives the workforce seamless and secure access to corporate networks and apps on their work-deployed endpoints. Apart from the device management capabilities, Hexnode also delivers enterprise-grade app, content, and kiosk management through the unified device management console.

Hexnode’s integration with Okta, a cloud-based identity and access management solution, further simplifies device enrollment and user management operations in the UEM console. The integration syncs the user and group inventory of your organization’s Okta account to Hexnode, facilitating the automatic creation of user accounts. Moreover, the integration with Okta gives Hexnode users reliable and secure access to applications with single sign-on, multi-factor authentication and more.

This guide provides step-by-step instructions to easily integrate Hexnode with Okta.

What is Okta?

Okta is a cloud-based identity and access management provider. Their solutions include Single Sign-On (SSO), Multi-factor authentication, lifecycle management, API access management, and others.

With the Hexnode-Okta integration, you can accomplish elevated standards of device management and security by leveraging the features of the robust identity and access management solution with Hexnode.

What are the benefits of Hexnode’s integration with Okta?

The main use cases of the Okta integration include enabling Hexnode login using Okta authentication, syncing users and groups from the Okta domain to the Hexnode console, easy enrollment of iOS, Android, Windows and macOS devices with Okta authentication, and enabling universal SSO across native and web applications.

Prerequisites:

  • Your organization should have an Okta subscription.

API Token in Okta

To configure Okta in Hexnode, you have to create a token in Okta.

  1. Log in to your Okta account.
  2. Go to Security > API > Tokens.
  3. Click on Create Token.
  4. Enter a token name and click on Create Token.
  5. Copy and save the created token in a secure place.


Users and user groups will be imported to the Hexnode portal. Go to Manage > Users/User Groups to see the imported list of users and groups.

Configure Okta in Hexnode MDM

Follow the procedure to configure Okta with Hexnode to import users and groups from Okta.

  1. Sign in to your Hexnode MDM portal.
  2. Navigate to Admin > Okta.
  3. Enter your Okta domain name and API Token.
    Warning:

    Take extra caution while entering the Okta domain name. It should be of the format: portal name.okta.com and not portal name-admin.okta.com. If it is the latter, user & group sync and the directory integration will be successful, but self-enrollment by the users will be blocked.

  4. Enable Allow self-enroll to allow users to enroll in Hexnode with their Okta credentials.
  5. Choose how often you want to sync Okta with Hexnode. Select the sync time and the sync frequency.
  6. Click on Save.

Remote Actions on Domain

Once the domain is configured, you can perform the following actions on the domain:

  • Sync Now – To manually sync Okta with Hexnode.
  • Reconfigure Hexnode Identity – If reconfigured, the Hexnode Identity app in Okta will return to its default settings and all the Okta users will get assigned to the Identity app. Reconfiguring the app has no effect on the sync process.
  • Disable/Enable Self-enroll – Disable/Enable users to enroll with their Okta credentials.
  • Delete Domain – Deleting a domain will remove all the users and groups associated with the domain from the Hexnode portal. You can either disenroll all the devices assigned to the Okta domain users or you can assign the enrolled devices to new users before deleting a domain.

Hexnode Identity App

The Hexnode Identity app is the OAuth app that gets automatically created in Okta when the domain is added in Hexnode. To view the app, navigate to Applications on your Okta portal and search for “Hexnode Identity – {portal name}.hexnodemdm.com”.

Assign the Hexnode Identity app to the users whose devices you want to enroll in Hexnode via Okta authentication. By default, all users in the Okta domain (the group ‘Everyone’) will be assigned to the Identity app. If you want to restrict certain users from enrolling their devices in Hexnode, remove their Identity app assignments.

Unassigning users from the Hexnode Identity app restricts their Okta authenticated enrollment. They can still enroll their devices in Hexnode via open enrollment.

Note:

Since the Hexnode Identity app is assigned to a group by default, individual user assignments cannot be removed. You have to first remove the group assignment and then re-assign the app to the required users or groups.


All users and groups in Okta will be synced to Hexnode, regardless of the app configuration. Changing the Identity app user assignments will have no effect on the sync process.
Warning:

  • Changing the Hexnode Identity app settings (except the user assignments) may disrupt the Okta authenticated enrollment.
  • An Okta user in a provisioned state will not be synced to Hexnode. Activate the user to add them to Hexnode.
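
A pre-flight check for two of the warnings on this page (the Okta domain format in the configuration steps, and users in a provisioned state), added here as an example; it is not Hexnode's or Okta's own code. The function names and the sample records are constructed for illustration, and the records assume the status and profile.login fields of Okta user objects.

```python
import re
from urllib.parse import urlsplit

# Host format from the warning above: <portal name>.okta.com
_OKTA_HOST = re.compile(r"^([a-z0-9](?:[a-z0-9-]*[a-z0-9])?)\.okta\.com$")


def check_okta_domain(value):
    """Return (ok, host, message) for a value about to be saved as the Okta domain."""
    raw = value.strip().lower()
    # Accept a pasted URL as well as a bare host name.
    host = urlsplit(raw if "//" in raw else "//" + raw).hostname or ""
    match = _OKTA_HOST.match(host)
    if not match:
        return False, host, "not of the form <portal name>.okta.com"
    tenant = match.group(1)
    if tenant.endswith("-admin"):
        fixed = tenant[: -len("-admin")] + ".okta.com"
        return False, host, f"admin console host; enter {fixed} instead"
    return True, host, "ok"


def users_not_synced(users):
    """Logins of users in the PROVISIONED state, which are not synced until activated."""
    return [u["profile"]["login"] for u in users if u.get("status") == "PROVISIONED"]


# Constructed sample records (not real accounts), shaped like Okta user objects.
SAMPLE_USERS = [
    {"status": "ACTIVE", "profile": {"login": "alice@example.com"}},
    {"status": "PROVISIONED", "profile": {"login": "bob@example.com"}},
    {"status": "SUSPENDED", "profile": {"login": "carol@example.com"}},
]

if __name__ == "__main__":
    for candidate in ("acme.okta.com", "https://acme-admin.okta.com/admin"):
        print(candidate, "->", check_okta_domain(candidate))
    print("activate before sync:", users_not_synced(SAMPLE_USERS))
```

The domain check rejects look-alike hosts such as a name that merely begins with an okta.com label, because the pattern is anchored at both ends.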

Configure Multiple Domain

Hexnode lets users configure multiple Okta domains in the MDM console. So, even if your organization is using more than one domain, you can manage all its users from a single management console.

To configure multiple Okta accounts in Hexnode:

  1. Go to Admin > Okta.
  2. Click on the + button to Add new server.
  3. Follow the same procedure to complete the configuration.

Enroll devices via Okta authentication

Hexnode uses the OAuth authentication method to enroll devices of Okta users. Since OAuth is employed, Okta itself confirms the validity of the entered credentials. So, passwords from Okta don’t have to be transferred to Hexnode.

Hexnode supports the enrollment of iOS, Android, Windows and macOS devices using Okta authentication.