Cathy McLeod

Limiting logins to Okta based on machine compliance

Recently MS announced that AzureAD is now able to check machine compliance before allowing them to log in. Does Okta's WS-Federation affect this feature? Would we be able to authenticate with Okta *and* confirm that the machines are domain-joined?

We are hoping that we do not have to enforce VPN for our more remote users.
Wils Dawson (Okta, Inc.)
Hi Cathy,

You're looking for our device trust feature (https://www.okta.com/blog/2016/08/contextual-access-management-innovating-across-sso-adaptive-mfa-and-mobility-management/), which we just announced at Oktane. You can use this with Okta Mobility Management or with a third party which distributes certificates, like you can do for domain-joined devices through group policy. This should be entering beta soon; definitely reach out to your Okta contacts to see if the beta is a good fit.

Thanks,
Wils