User16370330549592969269 (Customer Support Online Experience) asked a question.
Our next Ask Me Anything (AMA) on June 27, 2025, will focus on Okta Device Access, a capability that helps organizations secure the first vulnerable touchpoint: the device login.
In today’s security landscape, the endpoint is often the weakest link. Device Access helps organizations protect access across all user devices, simplify identity from device to app, and support compliance while delivering a great user experience.
Whether you are exploring Device Access, planning a rollout, or looking to scale it across your workforce, this is your chance to ask the experts.
How can I participate?
Submit your questions by clicking the ‘Answer’ button below anytime between now and Thursday, June 26.
Then join us in this thread on Friday, June 27, from 8 to 10 a.m. PDT as Okta product experts post detailed, written responses.
Need ideas on what to ask?
✅ How to roll out Device Access for Mac or Windows
✅ How it helps reduce password risk and supports passwordless login
✅ Where Device Access fits in a Zero Trust strategy
✅ How it integrates with IAM or endpoint security tools
✅ Real-world use cases and the value other customers have seen
These are just a few examples. We welcome your unique use cases, challenges, or curiosity, no matter how big or small.
We want to hear your questions. Drop them in now and get expert insight!
Want to learn more? Check out the blog post -> https://support.okta.com/help/s/blog/a67KZ000000oMBfYAM/june-27-ask-me-anything-okta-device-access?language=en_US
Looking forward to a great conversation!
Hi,
What is the current status of the MacOS support for the "Platform Single Sing-on for macOS" (Password Sync - especially the 2.0 version)
Apple did something on the 15.x updates (15.3-> 15.4) and there also was some fixes implemented in the earlier Okta Verify version to address the registrations.
Current version (time of writing is MacOS 15.5) - are there any known issues, things to consider with MDMs (WS1, Intune, Jamf) when deploing?
Hi,
If your devices are running macOS 14 Sonoma or later, you can use the Platform SSO 2.0 protocol.
You can leverage Password Sync on macOS Lock and Login screen.
In 15.4 Apple made changes within the OS and you need to add a second
Associated Domain to your configuration
https://support.okta.com/help/s/article/cannot-enroll-device-access-running-macos-15-4?language=en_US
For the upcoming "Device-Bound Single Sign-on" feature for Device Access.
Hello,
this is a feature on our Roadmap and work in progress, at the moment there are no deep dive information that we can share. But stay tunes, once this feature will go in Early Access, we will for sure share more information.
We appreciate your patience.
In regard to Windows, what's the relationship between Okta Device Access and Windows Hello for Business? Do they compete with each other? Can they be integrated together? Thanks.
Hi,
Okta Device Access has its own credentials provider, in order for users to be prompted for Desktop MFA, exclude Windows Hello as a credential provider on their devices using Okta. The registry keys can be found on https://help.okta.com/oie/en-us/content/topics/oda/windows-mfa/configure-win-mfa-policies.htm#:~:text=CredProvidersToExclude,Empty.
Windows Hello is an additional credential provider, and it is expected not to get prompted for Okta Desktop MFA if Windows Hello PIN is in use.
As such, in this situation, use either Okta Desktop MFA or Windows Hello only.
Is it possible leverage Okta Device Access to allow employees to login into their Windows devices without Active Directory or Azure AD?
Hello,
at the moment we support Active Directory, hybrid and Azure AD joined devices, local accounts are on the roadmap.
What’s the typical implementation journey like for customers rolling out Okta Device Access — and what should we plan for during deployment?