TecUPS: Desktop User Provisioning
User Provisioning & Password Sync. for Okta mastered users on Non-Domain Joined Machines
TecUPS Provisioning Features
Centralized User Management and Authentication with Okta
Local user accounts in Windows are provisioned & deprovisioned from Okta as the authoritative identity provider
Just-In-Time User Provisioning
Simplify local user account provisioning & access with dynamic provisioning
Sync. Passwords for Local Desktop Users
Push Okta password to local user account on non-domain joined computers
Centralized Policy Enforcement
Okta sign-on and 2FA policies for desktop users
Password Recovery at the Press of Ctrl + Alt + Del Keys
Securely recover password from Windows logon screen
Login Once to Gain Access to All Corporate Resources
Better user experience since users have to login only to their workstation to access all corporate
No. TecUPS is designed to work on computers which are not joined to domain. Okta UD is used as the directory in such scenarios.
- Windows 10
- Windows 7
- Windows Server 2016
- Windows Server 2019
Desktops with Windows 10 for deploying TecUPS Credential Provider (CP). The CP can be deployed through GPO.
- Okta tenant is configured & users can login to Okta.
- Users are active in Okta and have enrolled in at least 1 Factor type supported by TecUPS.
- Sign-on policy is configured in Okta for enforcing or bypassing MFA for desktop users.
- TecSSPR Windows Credential Provider installation on Desktops through GPO.
- Okta Verify
- Google Authenticator
- RSA SecureID
- Security Question
- Custom TOTP
- Okta Verify (TOTP)
- U2F Keys (Security Keys like Yubikey, Hypersecu and HyperFIDO)
Yes this is supported through Factor Lifetime policy configuration in Okta.
No, during offline enrollment, the new account gets registered with the Okta Verify app.
Yes, TecUPS supports inline enrollment with Okta through SMS as a factor.
TecUPS supports silent installation or installation via GPO or any standard software distribution tools like Microsoft System Center Configuration Manager.
TecUPS is developed on top of Okta’s MFA and policy framework. It totally relies on Okta policy to enforce MFA. To bypass MFA for specific users, Okta policy can be configured accordingly. Please contact the technical team to understand how this can be optimally configured without impacting any existing Okta integrations and policies.
Yes, TecUPS can prompt for MFA during elevated access (UAC).
This option is configurable during TecUPS installation.
This feature is supported in our other Product (TecZERO) which supports Passwordless Desktop login for Okta customers . Send email to firstname.lastname@example.org or email@example.com for additional information.
TecUPS Windows Credential Provider UI provides an option to re-enroll a new device.
TecUPS is developed on Okta's MFA framework and leverages on the policies and factors (Okta Verify) configured in Okta. The only requirements from end user perspective are, access to a Desktop with TecUPS Windows Credential Provider installed and at least 1 MFA factor configured in Okta.
TecUPS provides an option to add company logo for corporate branding.