KatieE.63316 (Customer) asked a question.
Okta + Microsoft Intune
We have recently rolled out Microsoft Intune for our MDM solution.
The device will be initially set up by our Mobile Deployment team who will be on Esri’s network and, therefore, will not be prompted for Okta MFA upon authentication into O365 (which is behind Okta).
However, the scenario we are trying to solve is:
- User is remote / off network
- User resets mobile device
- User needs to re-register in Microsoft Intune
- User does not have another device to install Okta Verify (or other MFA solution)
- User is prompted to sign in to Okta when accessing Intune
- User is prompted to set up MFA by Okta per our Sign On policy to proceed any further in device set-up/registration
How do we help the user get the device set up in this scenario?
Hello,
Thank you for posting on the Okta Community.
Any user should be able to access another device in order to reset their MFA or ask their MFA to be reset by an Admin before defaulting to factory settings on their main device.
For Okta Verify the situation when the QR code cannot be scanned is explained in the article below.
https://help.okta.com/en/prod/Content/Topics/Mobile/Okta_Verify_Using.htm
If you require further assistance please open up a Customer Support ticket so that more details could
be investigated related to the matter.
Best regards,
Cosmin Nita
Okta Global Customer Care
Hello,
That does not the address the scenario - the scenario states that when the user resets the device, she does NOT have access to another device and it is assumed that she does not contact an Okta admin prior to resetting the device. How can the user proceed?
Thanks,
Katie
@Katie Evans: Have you considered using Hardware tokens for MFA?
That approach would allow users to use U2F / MFA on the computer via a usb-c or usb yubikey.
Best of luck
@Katie: Do you have MFA allowed via TXT message? If so just tell your mobile users to set up two MFA Factors in there settings. This way you would be able to solve the issue.