Okta + Kandji
Kandji Passport
Okta and Kandji's growing relationship has allowed for more security and the expansion of identity-centric device management. There are two integrations:
- Kandji Passport for enrollment customization
- Kandji Connector Cards in Okta Workflows
Kandji Connector Cards in Okta Workflows
The Challenge
In Apple device management, automation is everything. The more you can automate via scripts, APIs, and other tools, the less you have to do manually and the more time you have for more strategic projects. Kandji customers now have another powerful automation tool in the form of Okta Workflows.
The Solution
Kandji’s API allows Okta Workflows to call actions in Kandji. Kandji can then make changes to the device in response to events or changes with Okta Cloud Identity. This allows technology teams to move beyond device-centered automations and create identity-centric workflows that are enabled by Okta Workflows. Whether a user is promoted to a new position, changes teams, or even moves to a new organization, the Kandji and Okta integration can empower your deployment teams and end-users with the right access and tools on their journeys.
Use Cases
Passport: Improve your password hygiene
- Leverage your identity provider’s password management to secure your Mac fleet. With Passport, your users always log in with their most up-to-date credentials.
Passport: Take charge of user provisioning
- Get granular control over user account types. Choose whether users get standard or admin accounts. If you need it, even more controls are available.
Workflows: Update employee’s user profile
- An employee changes departments and you need to update their Okta user profile. You can create a Workflow triggered by that change in job title/department to automatically move all devices assigned to that user to a new Blueprint in Kandji, which would deploy new applications and adjust device settings.
- An employee is leaving the organization and you need to suspend that user in Okta. You can create a Workflow triggered by that change to automatically move all devices assigned to that user to your Suspended Blueprint in Kandji, which would de-provision apps, remove VPN settings and certificates, potentially lock each device, and send a message about these automated actions to the IT department’s Slack channel.
How Okta + Kandji work together:
Popular Integrations:
Passport:
- Kandji Passport is an authentication product that creates a seamless, one-password sign-in experience for users. Kandji Passport validates the credentials a user provides during Mac login against an organization’s cloud-based identity provider (IdP) such as Okta, so users need to remember just one password for both their Mac computers and the organization’s single sign-on (SSO) provider. Passport provides a native Mac login experience while streamlining management, and security tasks for IT admins.
Enrollment Customization with Kandji & Okta:
- Enrollment customization lets IT provide custom branding, consent text, and modern authentication with Okta to their end users during device enrollment. New employees can be required to sign in with their Okta credentials to set up a new Mac.
Kandji Connector for Okta Workflows:
- Kandji and Okta have collaborated to build a suite of 23 connector cards that you can use in building your Workflows. These cards can initiate actions such as erasing, listing, locking, restarting, shutting down, and updating devices; getting lists of apps and library items on a device; creating Blueprints; getting the Activation Lock bypass codes, FileVault recovery Keys, or unlock PINs for a device; and more.