Self-Service and Onelogin/Okta/Meldium

kyle_jackson
New Contributor

Anyone using any of these cloud app identity management products and integrating it with self-service in any way? I'm thinking it would be cool to have the list of apps in a URL plugin on the side and be able to launch into a browser and automatically log into the app.

Would love to hear your experiences if you're using any of these and the casper suite.

16 REPLIES

orph351
New Contributor

We are using Okta. Most of the time users access their apps from their app homepage. However, there is a bookmark folder created that houses all of the applications as well. So, if a user is using Chrome (as an example) there is a folder on the bookmark bar called My Applications that has SSO links to all of their apps.

christhibault
New Contributor

I'm an Okta user. As orph351 said, most of my users go to the portal page and open their apps from there. The apps can be set up to auto-launch upon login to Okta.

One other method that I've set up in my office is to use Integrated Windows Authentication and using some custom URL redirect pages, made it so that my users go to a "generic" URL site, like salesforce.mycompany.com and if they are in the office, it automatically logs them into salesforce. This only works with on-premises PCs on the domain. Macs and off-network users have to still go to Okta and sign in. But I think this is close to what you're looking for. It works great for me.

devthedev
New Contributor

Hi Kyle,

I'm an Okta user and I administer it for my company. Okta has a great self service feature. It's highly customizable so you can choose to add an application directly to individual users or entire groups of users. You can enable the apps for self service apart from adding them directly to the user's "cloud desktop." Enabling an app for self service will allow the user to pick from a list of apps authorized by your company. You can also enable the adding of personal apps so if a user wants to add amazon.com to their "cloud desktop," they can do so. If you're using the Casper suite you would probably want to include the browser plugin along with any browser .pkg you deploy.

tthrush
New Contributor

We implemented Okta and it does give you a list of apps in Bookmarks as well as a "portal page" with all your apps. Also they have a huge list of built-in apps and the ability to add custom apps. Their support has been quite responsive as well when we've needed a hand.

sdresser
New Contributor

At the risk of piling on, +1 for Okta. I actually trained on this today, and really drove home the point about self service. So much so that people wanted to use it as a bookmark manager, too! That was a new one for me. But I see lots using their Okta bookmark folder, which when clicked on, gives them one click access to any system we give them or ones they've added themselves. Their mobile apps work almost exactly how you describe, too.

pedros
New Contributor

Our organization uses OKTA as well. We love it as our Identity management/SSO service.

The OKTA plugin works great, and it allows you to create a bookmarks folder "My applications" for easy access to all of the apps within Okta. Our users leverage the OKTA portal page as well as the mobile app. Either way works great, and is simple to use.

Travis_at_Ping
New Contributor

As an alternative solution to evaluate, I would also recommend checking out our products at PingIdentity.com

We have a pre-built dashboard that provides users one-click access to all the applications they are using, launching into the app without having to enter another username/password.

Also, PingID is our newest product, that allows you to leverage a user's smartphone as a means of authentication, with just a swipe of the finger...pretty slick solution IMHO.

adaboy
New Contributor

I have used Okta for several years and feel that more companies need to look into using a SaaS provider as part of their overall strategy of their Identity Access Management system. While companies can use options like ADFS the amount of hours that will be spent to do a SAML integration is high. With Okta's prebuilt integration installs often take minutes not hours or days. Faster and easier integration means that you will be more willing to integrate more applications.

jfrankel
New Contributor

We've been using Okta for three years, and it's been great for us. Cloud SSO is the future. We (the IT department) have links for a few Okta apps bookmarked in various places (e.g., the intranet), so when a user clicks the link it will log them in. That way we don't have to tell them to go to their Okta profile and look for the bookmark for this app, we just tell them to click on this link and Okta logs them in.

adamcodega
Valued Contributor

Every response in this thread is from someone who has either never posted on JAMF Nation before, or only posted on one other thread which was also about Okta. (Although @Travis_at_Ping admits he works for Ping)

donmontalvo
Esteemed Contributor III

@adamcodega you're right...it smells like SPAM in here.

--
https://donmontalvo.com

GaToRAiD
Contributor II

@jfrankel @adaboy @Travis_at_Ping @pedros @sdresser @tthrush @devthedev @christhibault @orph351 @kyle.jackson Well, if you actually used JSS and self service, you would know you can customize it to do anything, even SSO. So....get to it. Seems like all of you want your hand held instead of doing it yourself......and you call yourselves IT administrators.......

devthedev
New Contributor

I must admit I could only provide my experience with Okta. @kyle.jackson thought it would be neat to have a URL plugin with all your apps available on the side. I can say that Okta provides a plugin that accomplishes just that, no additional hand holding required.

Chris_Hafner
Valued Contributor II

... Oh man. Sorry @kyle.jackson I'm not sure what you may end up with out of this discussion. We've been playing with SSO "could" services but it's just that, playing. Most folks that I've talked to in person seem to use AD when they desire Self-Service authentication. Unfortunately I'm not even one of those. We leave Self-Service wide open for all!

Call your account manager. I'm sure they can ask around and see what may or may not work from JAMF's perspective.

pickerin
Contributor II

I've posted quite a bit, I'm also a Paying Okta customer and a Paying LastPass Enterprise customer. (300 users of Okta, 40 users of LastPass Enterprise).

I also use ADFS integrated to AD as a SSO solution to other Cloud Providers (ServiceNow, TerraNova, Oracle, etc).

I'm happy to discuss privately, due to the potential abuse that may be happening on this thread and the possibility that the conversation would derail.

In short, what you want to do can be done with Okta, but I wouldn't. It's not that great of a solution IMHO.
What you want to do cannot be done with LastPass (to my knowledge), though it's a better "Password Vault" than Okta (by far).

mwoodruff
New Contributor III

Hey everyone, we released Casper Suite v9.93 with full SAMLv2 support for the JSS and Self Service (OS X) authentication. This includes supporting Okta, OneLogin, ADFS, and others.

Casper Suite 9.93 Release Notes

Configure SAML support with ADFS
Configure SAML support with Okta
Configure SAML support with OneLogin