<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
Desktop MFA Configuration without Adaptive MFA
Nov 18, 2025
Okta Identity Engine
Okta Device Access
Overview

This article outlines necessary changes to configure Desktop MFA with the Device Access SKU only (without the Adaptive MFA SKU).

Applies To
  • Okta Identity Engine (OIE)
  • Okta Device Access (ODA)
  • Desktop MFA for Windows
Solution

Okta Device Access (ODA) requires the device certificate to be deployed to the computer. An external Certificate Authority (CA) or Okta's CA can be used for this purpose.

Follow those steps to use the CA specifically for Okta Device Access:

  1. In the Admin portal, go to Security > Device Integrations.
  2. Ensure to select the Device Access tab. Do not configure Endpoint Management because the Desktop (Windows and macOS only) platform will not be available, according to this article, when the Adaptive MFA SKU is not available.
  3. Click on Add SCEP configuration.
  4. In the MDM, deploy a configuration profile set to Computer Level

 

Related references

Recommended content

Still looking for help?
Loading
Desktop MFA Configuration without Adaptive MFA