TecUPS: Desktop User Provisioning
User Provisioning & Password Sync. for Okta mastered users on Non-Domain Joined Machines
TecUPS Provisioning Features
Centralized User Management and Authentication with Okta
Local user accounts in Windows are provisioned & deprovisioned from Okta as the authoritative identity provider.
Just-In-Time User Provisioning
Simplify local user account provisioning & access with dynamic provisioning.
Sync. Passwords for Local Desktop Users
Push Okta password to local user account on non-domain joined computers.
Centralized Policy Enforcement
Okta sign-on and 2FA policies for desktop users.
Password Recovery at the Press of Ctrl + Alt + Del Keys
Securely recover password from Windows logon screen.
Login Once to Gain Access to All Corporate Resources
Better user experience since users have to login only to their workstation to access all corporate.
Enforcement of MFA by User Type
Configurable MFA enforcement for various user types.
No. TecUPS is designed to work on computers which are not joined to domain. Okta UD is used as the directory in such scenarios.
- Windows 11
- Windows 10
- Windows 7
- Windows Server 2016
- Windows Server 2019
- Windows Server 2012
- Mojave
- Catalina
- Big Sur
- Monterey
Desktops with Windows or MAC for deploying TecUPS Credential Provider (CP). The CP can be deployed through GPO.
- Okta tenant is configured & users can login to Okta.
- Users are active in Okta and have enrolled in at least 1 Factor type supported by TecUPS.
- Sign-on policy is configured in Okta for enforcing or bypassing MFA for desktop users.
- Okta Verify
- SMS
- Voice
- Google Authenticator
- Yubikey
- RSA SecureID
- Security Question
- Custom TOTP
- FIDO2 with external authenticators
- Okta Verify (TOTP)
- Hardware TOTP
- U2F Keys (Security Keys like Yubikey, Hypersecu and HyperFIDO)
- FIDO2 with external authenticators
Yes this is supported through Factor Lifetime policy configuration in Okta.
No, during offline enrollment, the new account gets registered with the Okta Verify app.
Yes
TecUPS supports silent installation or installation via GPO or any standard software distribution tools like Microsoft System Center Configuration Manager.
TecUPS is developed on top of Okta’s MFA and policy framework. It totally relies on Okta policy to enforce MFA. To bypass MFA for specific users, Okta policy can be configured accordingly. Please contact the technical team to understand how this can be optimally configured without impacting any existing Okta integrations and policies.
Yes, TecUPS can prompt for MFA during elevated access (UAC).
This option is configurable during TecUPS installation.
This feature is supported in our other Product (TecZERO) which supports Passwordless Desktop login for Okta customers . Send email to [email protected] or [email protected] for additional information.
TecUPS Windows Credential Provider UI provides an option to re-enroll a new device.
TecUPS is developed on Okta's MFA framework and leverages on the policies and factors (Okta Verify) configured in Okta. The only requirements from end user perspective are, access to a Desktop with TecUPS Credential Provider installed and at least 1 MFA factor configured in Okta.
TecUPS provides an option to add company logo for corporate branding.