Products
Okta Privileged Access (OPA)
Issue
Users are not able to install Okta Privileged Access (OPA) Client desktops.
Possible Cause(s)
On Active Directory connected computers, security/group policies play a major role. Often Administrator rights are not provided for installing software.
Solution/Fix
An AD System Administrator can follow any of the below options:
- Many companies have a software request portal where users can request the software to be installed and AD System Administrator installs the software. OPA Client can be added to the requestable software list.
- The AD System Administrator can create a group policy to allow the users or trusted users to have Administrator permissions so that users are able to install OPA clients.
Workaround
A tested workaround solution is to copy the OPA client installation folder structure from an existing installation. (where installation was possible)
In this scenario, the folder structure was copied to user directory under C:\Users\<UserID>\AppData\Local
User folder will vary
The Client can now be enrolled by following the below steps:
- In the command prompt, go to OPA client installation bin folder: C:\Users\<UserId>\AppData\Local\Apps\ScaleFT\bin
- Run command sft enroll –url https://<oktaorg>.okta.com –team <OPA teamname>
- This command will open the Okta Privileged Access
- Complete authentication process along with MFA challenge
- Then confirm on the Client Setup Wizard confirms Client Name, Operating system, Disk Encryption.
- Click Approve on the Credential Request
- Once the request to enroll an OPA client is approved, the enrollment is complete.
- The server name on which OPA client is installed appears in the OPA Clients page. Additional details that include Description, Status, Owner, Host name, OS, Encrypted can be verified.
Reference
Install the Okta Privileged Access client | Okta Identity Engine
Author
Ketaki Mujumdar