How to establish Device Trust for Android Devices with Okta by using JumpCloud's Android EMM?

JuergenKlaassen
Rising Star III

Hello

Recently I posted about "How to establish Device Trust (managed devices) for Okta by using JumpCloud as factor for authentica..." - which enables you to make use of Device Trust Certificates from JumpCloud with Okta. 
But how about mobile devices running Android where Device Trust Certificates are not available?

Since JumpCloud's Android EMM is just around the corner, it's doable and I'm going to show you how.

Ingredients needed:

  1. Okta Tenant + Okta Verify
  2. JumpCloud Tenant with Device Management

Integration steps

1. Okta: Device Integrations

Navigate to Security (1) -> Device Integrations -> Endpoint Management (2). Then click 'Add Platform' (3) and select 'Android'.

SCR-20230509-jcqi.png

 


Acquire the Enrollment Link from JumpCloud:

To get the Enrollment Link, follow these steps (BYOD in this case):

- Navigate to the JumpCloud User Console and click Security (1)
- Click "Personal" under "Enroll your Android Device" and copy the Enrollment Link (2)
- Then paste it into the 'Enrollment Link' field in Okta's Device Integrations pane (see below)

 

SCR-20230509-jehx.png

 

On the next screen, copy/save the Secret Key (1) as you'll need this later on JumpCloud to finish the integration. Give it a name like JumpCloud AndroidEMM. (2)

SCR-20230509-jdsg.png

 

2. JumpCloud Integration steps

Add/configure Okta Verify under Software Management for Android EMM

Navigate to Software Management -> click 'Add New' -> search for 'Okta Verify' and add it.
Once added, select 'Okta Verify' and click 'Configuration':
SCR-20230509-jfdr.png

In the configuration pane, give it a name like 'Okta Verify', and add your Org URL and the Secret Key (from above) under 'Management Hint':

SCR-20230509-jfpq.png

Done.

That's basically it. Now you're ready to use this Device Integration in your Authentication Policies to your liking, for example:

SCR-20230509-ljrj.png


You will be able to enforce your policies around this, i.e. BYOD Android devices must be managed via JumpCloud's Android EMM.

Within the logs you will get the details accordingly:

SCR-20230509-kmeq.png

Additional KBs:
https://help.okta.com/oie/en-us/Content/Topics/identity-engine/devices/integrate-third-party-mdm.htm
https://help.okta.com/oie/en-us/Content/Topics/identity-engine/devices/add-app-signon-policy-mobile....


As always, thanks for reading. 
-Juergen 
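
To check that the policy behaves as the post describes (Android sign-ins allowed only from managed devices), exported System Log events can be audited offline. This is an added example, not part of the original post and not Okta's or JumpCloud's code. The sample events are constructed, and the field names (`device.os_platform`, `device.managed`, `client.userAgent.os`, `outcome.result`, `actor.alternateId`) are assumptions about the exported event shape that should be verified against your own log export.

```python
import json
from collections import Counter

# Constructed sample events, one JSON object per line (not real log data).
# Field names are assumptions about the export format; adjust as needed.
SAMPLE_LOG = """\
{"published":"2023-05-09T10:01:00Z","actor":{"alternateId":"alice@example.com"},"client":{"userAgent":{"os":"Android"}},"outcome":{"result":"SUCCESS"},"device":{"os_platform":"ANDROID","managed":true,"registered":true}}
{"published":"2023-05-09T10:05:00Z","actor":{"alternateId":"bob@example.com"},"client":{"userAgent":{"os":"Android"}},"outcome":{"result":"FAILURE"},"device":{"os_platform":"ANDROID","managed":false,"registered":true}}
{"published":"2023-05-09T10:09:00Z","actor":{"alternateId":"carol@example.com"},"client":{"userAgent":{"os":"Android"}},"outcome":{"result":"SUCCESS"},"device":null}
{"published":"2023-05-09T10:12:00Z","actor":{"alternateId":"dave@example.com"},"client":{"userAgent":{"os":"Android"}},"outcome":{"result":"SUCCESS"},"device":{"os_platform":"ANDROID","managed":false,"registered":true}}
{"published":"2023-05-09T10:20:00Z","actor":{"alternateId":"erin@example.com"},"client":{"userAgent":{"os":"Mac OS X"}},"outcome":{"result":"SUCCESS"},"device":{"os_platform":"MACOS","managed":true,"registered":true}}
"""

def is_android(event):
    """Android if the device context says so, or (no device context) the user agent does."""
    device = event.get("device") or {}
    ua_os = ((event.get("client") or {}).get("userAgent") or {}).get("os") or ""
    return str(device.get("os_platform") or "").upper() == "ANDROID" or "android" in ua_os.lower()

def verdict(event):
    """Classify one event against the rule 'Android must be managed'."""
    if not is_android(event):
        return "not_android"
    if (event.get("outcome") or {}).get("result") != "SUCCESS":
        return "denied"
    # A missing device object carries no management signal: treat as unmanaged.
    managed = (event.get("device") or {}).get("managed") is True
    return "managed_allowed" if managed else "violation"

def audit(log_text):
    """Return (Counter of verdicts, list of (timestamp, user) for violations)."""
    events = [json.loads(line) for line in log_text.splitlines() if line.strip()]
    counts = Counter(verdict(e) for e in events)
    violations = [(e.get("published"), (e.get("actor") or {}).get("alternateId"))
                  for e in events if verdict(e) == "violation"]
    return counts, violations

if __name__ == "__main__":
    counts, violations = audit(SAMPLE_LOG)
    print(dict(counts))
    for when, who in violations:
        print("unmanaged Android sign-in allowed:", when, who)
```

Any `violation` row points at an app whose authentication policy rule does not yet require a managed device for Android.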

 



 
