Product
Okta Identity Engine
Objective
This blog discusses the differences between Agentless Desktop SSO and Desktop MFA.
Details
Agentless Desktop SSO allows the user to automatically log in to Okta after a successful login to an Active Directory domain-connected computer, while Desktop MFA adds additional security to authentication into Active Directory domain-connected computers or MS Entra ID configured logins.
Here is a comparison between the configurations of Agentless Desktop SSO and Desktop MFA.
| Desktop SSO | Desktop MFA |
|---|---|
| User is automatically logged in to Okta after a successful Windows login. Seamless login to your applications through Okta. | User is prompted for MFA during the Windows login process. |
| Delegated Authentication must be enabled. | Desktop MFA supports the following authenticators: Online: Okta Verify Push, Okta Verify one-time password, or FIDO2 security keys. Offline: Okta Verify one-time password or security keys with OATH support. Desktop Password Autofill (Passwordless Experience). |
| Desktop SSO implementation via 2 methodologies: IWA Web Agent running on premises, or Agentless. | Desktop MFA is part of Okta Device Access. Must be enabled for your org. The Okta Verify package needs to be deployed on all Windows endpoints using an MDM solution. |
Reference
Agentless Desktop SSO
https://help.okta.com/oie/en-us/content/topics/directory/configuring_agentless_sso.htm
Desktop MFA
https://help.okta.com/oie/en-us/content/topics/oda/windows-mfa/configure-win-mfa.htm
Author
Rajya Tupuri