When it comes to device security, many organizations use a combination of identity services and device management tools to ensure that secure practices are being adhered to at scale.
In this guide, we’ll be focusing on the combination of Okta and VMware Workspace ONE to run a compliance check to ensure that all employees have Workspace ONE installed on at least one of their devices.
Okta is a leading identity management platform that helps employers establish consistent access and secure authentication across applications.
VMware Workspace ONE is a leading security and application management tool that offers endpoint management and access control across devices and virtual applications.
The following steps will allow you to confirm which users in Okta have at least one active device in your business's VMware Workspace ONE account.
Getting an Active Users List From Okta
The first step of running this type of compliance check is getting a full list of active users at your organization. You can pull this list directly from Okta using either the Okta Admin UI or via the Okta API.
Using the Okta Admin UI
- Navigate to the Okta Admin Panel, then go to Reports.
- Select the Okta Password Health link to download a CSV file.
- Open the CSV file, then filter the Status column for Active users.
Using the API
The Okta API retrieves all users with a maximum of 200 per call. You can use the following syntax to issue a call with parameters:
If you have more than 200 users in your organization, you will likely need to use pagination to pull the full list.
Getting User and Device Lists from Workspace ONE
Now that you have a user list from Okta, you need to go to the Workspace ONE Unified Endpoint Management (UEM) console. This is your access point for all enrolled devices within your organization. You can analyze and manage devices of all kinds and on all platforms from this central location.
To check whether users have active devices and confirm mobile device management (MDM) compliance, first navigate to the Workspace ONE UEM console. On the left side of the console, choose Accounts. From this tab, you will be able to access information for all registered users within your organization's account.
Open the User Accounts List View
In order to fully evaluate device activation, you will need to dive deeper. From the Accounts tab on the Workspace ONE UEM, you can open the user accounts list view, which provides a comprehensive list of all users. The list view includes various data points:
- The user's full name
- The current user status
- The enrollment organization group
- The number of devices associated with the user
- The number of groups to which the user belongs
- Contact information for the user
You can also apply filters or sort user information by characteristics such as security type, enrollment status, and user role.
To export this list, click the Export button, select the format (XLSX or CSV), navigate to “Monitor”, then “Reports & Analytics”, and then “Exports” to view and download the resulting report.
Open the Devices List View
To check if users have devices associated with them, you can navigate to the device list view. Here you will find information on all the devices in your account, including fields like:
- “Last seen” date
- Device type
- Operating system
- Associated User
- Enrollment Status
- Compliance Status
To export this list, follow the same steps as before. Click the Export button, select the format (XLSX or CSV), navigate to “Monitor”, then “Reports & Analytics”, and then “Exports” to download the report.
Using the combination of the Okta active user list, the Workspace ONE User list, and Device list, you can cross-reference them in Excel with the vlookup function to identify gaps between Okta and Workspace ONE, and users in both tools who don’t have devices registered. you can quickly identify users who have gaps. You can then follow up with them directly to ensure they meet compliance.
Automating Device Compliance Checks With Blink
As remote work continues to flourish and more employees use mobile devices for their everyday tasks, MDM compliance will play a prominent role in data security. With this compliance check, you can ensure that your organization is achieving security best practices.
This method is very manual and could be time-consuming. When you create a free Blink account, running queries like this is simple. You can build automations for this using no-code steps and run it on a regular schedule.
Create your free Blink account and ensure device management compliance in a couple clicks today.