Okta in kiosk machine Skip to main content
https://support.okta.com/help/answers?id=9062a000000bmxrqai&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Nidhin C KNidhin C K 

Okta in kiosk machine

Hi Experts,

We have enabled SSO in our org and we have few Kiosk machines where we need to go to login page if someone opens okta page. How can we achieve this? 
Note: Kiost machiens are domain joined.
Best Answer chosen by Nidhin C K
Manikanta ManchalaManikanta Manchala
If you dont want to uncheck those Ous, then as a work around If there are few users in those Ou's put the users in the mode (No password. Click Reset Password to reset the user password.) You can achieve this mode when you disconnect the user from AD. So that user will never be able to login. If they ask for okta login , delete the user and ask the user to re register to okta. ( deactivate and then tombstone or Delete)  This is just a work around.

 

All Answers

Cody SudersCody Suders (Okta, Inc.)
What most customers do in this instance is use a group policy to make our interactive login page the home page on the shared machines.  you can force interactive login instead of the desktop single sign-on experience by adding /login/default to the end of your URL ex: https://customer.okta.com/login/default
Nidhin C KNidhin C K
Hi Cody, if we apply this solution, whenever user opens browser from kios machine, the home page will open in okta login page right. So if a user needs to access Google page, they need to type google in url. this complicates right?

Is there any other solution? We tried below methord and its working fine.
  • Disable the sync for specific OU where we have this user account which is configured on Kiosk machine. So when user tries to access the okta page it will never login because user account does not exist in Okta org hence user will get redirected to Okta credentil page

Problem with the above methord is that, if some user from non synced OU asks for an Okta login then we will have to move that user from the non synced OU to synced OU. 

So is there any way using group or something we can restrict Okta access so that they will get redirected to Okta login page
Manikanta ManchalaManikanta Manchala
If you dont want to uncheck those Ous, then as a work around If there are few users in those Ou's put the users in the mode (No password. Click Reset Password to reset the user password.) You can achieve this mode when you disconnect the user from AD. So that user will never be able to login. If they ask for okta login , delete the user and ask the user to re register to okta. ( deactivate and then tombstone or Delete)  This is just a work around.

 
This was selected as the best answer
Nidhin C KNidhin C K
Thanks Cody & Manlkanta for your suggestions. 

Other solution which we found is to relove the last name from the service account. In our environment we dont use last name for service accounts.