Combining the best features of NoMAD with Okta!
If you’re looking to migrate away from AD for your end points, or you already have, and you’ve chosen Okta to be your cloud identity solution, NoMAD Pro can help.
NoMAD Pro can ensure that your user’s Okta passwords are synchronized down to their local accounts on the Mac. With plugins for Safari, Chrome and Firefox you are able to catch every time a user signs in to Okta and make sure the accounts are synchronized.
Multi-factor authentication, like Okta Push and Duo, are fully supported. In addition, NoMAD Pro offers a number of helpful admin functions like making it easy to report on what Okta accounts are being used on the Mac and having script triggers when users sign in.
NoMAD Pro is licensed software. Each purchased license receives free basic e-mail support with a two-day SLA. Please contact our sales team to purchase licenses.
In addition an Enterprise support package is also available.
With the NoMAD Pro Support Plan, you’ll receive:
- 24×5 e-mail support
- Response within 3 hours
- Custom onboarding
- Ability to Brand the software to your organization
- Super Swag
NoMAD Pro allows your users to sign in to their Okta account and then synchronize the password to the local Mac. In addition:
- Password changes – When the user is within the warning period, the user will be prompted to change their password. Changing the password in NoMAD Pro will also synchronize the new password to the local Mac if that setting is enabled.
- Password Complexity – When changing password, the complexity policy is pulled directly from Okta and the user can not change his or her password until that complexity is met.
- Multifactor – NoMAD Pro can use all of the multifactor options available through Okta including Okta Push and Duo.
- Get Software and Get Help – Just like NoMAD, admins can specify applications, URLs or scripts to be triggered to help the user get software via self-service solutions and to initiate a help desk request.
- Script triggers – NoMAD Pro can trigger a script to be run on successful Okta sign in.
- Okta user name – NoMAD Pro writes out the Okta username to the NoMAD Pro preference file on sign in. This makes it easy to programmatically determine what Okta account a user is using.
- Kerberos tickets – NoMAD Pro can attempt to get Kerberos tickets for a user as a side-effect of signing in to Okta.
- Configurable – All menu items can be hidden or be renamed.
- Deployable – NoMAD Pro is able to be installed by just copying it onto a drive or through a package installer. In addition, all NoMAD Pro settings can be manged via a configuration profile through MDM.
- Browsers – NoMAD Pro has extensions for Safari, Chrome and Firefox allowing it to interact with Okta whenever the user goes to a page requiring authentication.
The upcoming NoMAD Pro 1.1 adds new features and much deeper Kerberos interaction.
- Auto Authentication – Users don’t even need to hit return when browsing to a page in a web browser. The NoMAD Pro interface will automatically display and sign the user in. If multifactor authentication is not in play and the user has the correct password, the browser will automatically redirect the user to the final page with authentication.
- Redirect handling – When a user goes to an Okta-protected webpage and then signs in via NoMAD Pro, the browser will take the user directly to the page requested instead of taking the user to the Okta dashboard.
Improved Kerberos Support
- Sign in whenever the domain appears – NoMAD Pro will now check for the presence of the AD domain on every network change and automatically sign the user in to AD if they do not already have a Kerberos ticket. Previously this only happened when the user signed in directly to Okta.
- Ticket refresh – NoMAD Pro will keep track of the user’s Kerberos ticket and renew them as appropriate.
- User information – The user’s AD record is now read on a regular basis and a number of attributes, including group membership, is written to the NoMAD Pro preference file.
- Certificate request – NoMAD Pro can now request a certificate from a Windows web Certificate Authority.
- Expiration time – For organizations that are AD-mastered, NoMAD Pro will pull the user’s password expiration date directly from AD and show it in the menu.
NoMAD Pro v. 1.1 is expected to released in mid-January 2018. Beta copies are available now, please contact email@example.com for more information.
Choosing between NoMAD Pro and NoMAD
While NoMAD and NoMAD Pro can do some similar functions, the choice between the two really comes down to the level of Okta integration you want on your user’s Macs.
For organziations deploying Macs to single users that are often off of the AD domain, NoMAD Pro offers a number of features that allow for a smoother workflow.
- Users never need to actually connect to the AD domain. All authentication is done via Okta’s publicly available endpoints.
- NoMAD Pro supports multifactor authentication requirements. NoMAD has no support currently, or planned, for multifactor authentication.
- NoMAD Pro can get Kerberos tickets, but NoMAD can’t get Okta tokens.
NoMAD Pro is designed to work with local-only accounts when keeping the password synchronized. If you still are using mobile accounts on your AD-bound Macs and have Okta synchronizing with AD please talk to us about the best workflow for that situation.
Running both applications together
It’s perfectly feasible to run both NoMAD and NoMAD Pro in an organziation. While running them at the same time on the same Mac might be a bit strange, both applications would run independantly and not interfere with the other. Both applications have different preference domains as well, so the configurations do not cross.