Platform compatibility
| macOS | Windows | Linux | iOS / iPadOS | Android |
|---|---|---|---|---|
| ✅ |
How to set it up
Add the Platform Single Sign-On application in Okta
- Go to Admin Console > Applications > Applications > Browse App Catalog
- Search for Platform Single Sign-On for macOS
-
Click Add integration
If the message This feature isn’t enabled appears, contact your Okta Account Manager to enable Okta Device Access (paid feature).
- Open the app from your application list
- In the General tab, rename the app label if needed
- In the Sign On tab, make note of the Client ID (required for MDM configuration)
- In the Assignments tab, assign the app to the relevant users or groups
Create a SCEP challenge in Okta
- Go to Admin Console > Security > Device integrations
-
Ensure the Device Access tab is visible (next to Endpoint Management)
If the tab is missing, Okta Device Access is not yet enabled
- Add a Static SCEP certificate authority
-
Make note of the following:
- SCEP certificate URL
- SCEP certificate challenge
Add Okta Verify to Fleet
- From the Okta Admin Console, go to Settings > Downloads
- Download Okta Verify for macOS
- Add the app to Fleet as software:
- Simply upload the application file
- Do not enable automatic deployment or self-service
- Primo will automatically adjust settings to handle deployment
Save key information for MDM configuration
Make sure to save the following details for the next step:
- Okta domain (e.g.
yourorganization.okta.com) - Client ID (from the Platform Single Sign-On application)
- SCEP certificate URL
- SCEP certificate challenge
Finalize the deployment in Primo
Go to a profile: https://app.getprimo.com/profiles
- Enable the Okta Platform SSO setting
- Enter the required information (domain, Client ID, SCEP URL, and Challenge)
- Save the changes
The deployment may take several minutes to complete, as Okta Verify must be installed on all targeted devices.