Okta + Kandji

Okta’s integrations with Kandji empower teams to automate the employee lifecycle

Kandji Passport

Okta and Kandji's growing relationship has allowed for more security and the expansion of identity-centric device management. There are two integrations: 

  1. Kandji Passport for enrollment customization
  2. Kandji Connector Cards in Okta Workflows

The Challenge

Organizations’ increased adoption of cloud-based identity providers for single sign-on has left a disconnect between the local Mac user login and the cloud-based Id

The Solution

Kandji Passport helps IT/IS administrators give Mac users a login experience that feels native to their Mac yet leverages their single sign-on credentials for more secure logins and just one password to remember.  Kandji Passport  helps to improve password security,  alleviates stress on IT support teams who help with password resets, and makes life easier for team members by allowing them to sign into their Mac using their Okta credentials.

  • Leverage Okta’s password management to secure your Mac fleet. 
  • Users always log in with their most up-to-date credentials.
  • Admins can customize the look and feel of the login to match the experience they want for Mac users. Passport feels native to the Mac while giving control over branding.

Kandji Connector Cards in Okta Workflows

The Challenge

In Apple device management, automation is everything. The more you can automate via scripts, APIs, and other tools, the less you have to do manually and the more time you have for more strategic projects. Kandji customers now have another powerful automation tool in the form of Okta Workflows.

The Solution

Kandji’s API allows Okta Workflows to call actions in Kandji. Kandji can then make changes to the device in response to events or changes with Okta Cloud Identity. This allows technology teams to move beyond device-centered automations and create identity-centric workflows that are enabled by Okta Workflows. Whether a user is promoted to a new position, changes teams, or even moves to a new organization, the Kandji and Okta integration can empower your deployment teams and end-users with the right access and tools on their journeys.

Use Cases

Passport: Improve your password hygiene

  •  Leverage your identity provider’s password management to secure your Mac fleet. With Passport, your users always log in with their most up-to-date credentials.

Passport: Take charge of user provisioning

  • Get granular control over user account types. Choose whether users get standard or admin accounts. If you need it, even more controls are available.

Workflows: Update employee’s user profile

  • An employee changes departments and you need to update their Okta user profile. You can create a Workflow triggered by that change in job title/department to automatically move all devices assigned to that user to a new Blueprint in Kandji, which would deploy new applications and adjust device settings. 
  • An employee is leaving the organization and you need to suspend that user in Okta. You can create a Workflow triggered by that change to automatically move all devices assigned to that user to your Suspended Blueprint in Kandji, which would de-provision apps, remove VPN settings and certificates, potentially lock each device, and send a message about these automated actions to the IT department’s Slack channel.

How Okta + Kandji work together:




Kandji and Okta work together to integrate identity management into device management and security. Through the various integrations, admins enjoy more automation in the employee lifecycle, stronger security, automated workflows, and a more streamlined experience for their Mac users. Logic from Okta can trigger actions in Kandji, Okta credentials can be used to provide or deny access to a Mac, and the device set up can be authenticated and secured.

Popular Integrations:


  • Kandji Passport is an authentication product that creates a seamless, one-password sign-in experience for users. Kandji Passport validates the credentials a user provides during Mac login against an organization’s cloud-based identity provider (IdP) such as Okta, so users need to remember just one password for both their Mac computers and the organization’s single sign-on (SSO) provider. Passport provides a native Mac login experience while streamlining management, and security tasks for IT admins.

Enrollment Customization with Kandji & Okta: 

  • Enrollment customization lets IT provide custom branding, consent text, and modern authentication with Okta to their end users during device enrollment. New employees can be required to sign in with their Okta credentials to set up a new Mac.

Kandji Connector for Okta Workflows: 

  • Kandji and Okta have collaborated to build a suite of 23 connector cards that you can use in building your Workflows. These cards can initiate actions such as erasing, listing, locking, restarting, shutting down, and updating devices; getting lists of apps and library items on a device; creating Blueprints; getting the Activation Lock bypass codes, FileVault recovery Keys, or unlock PINs for a device; and more.

Trusted by:

AND Digital, Third Bridge, Monzo, Gousto, Allbirds, Varo, Puppet, Topps, Doximity, LogRhythm, Amplitude, ActiveCampaign, Springboard, Vida, Storable, and more