<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#37305
Resolves issue that conditional access modal was not visible for
self-hosted and contained wrong copy.
## Testing
- [x] QA'd all new/changed functionality manually
For unreleased bug fixes in a release candidate, one of:
- [x] Confirmed that the fix is not expected to adversely impact load
test results
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Improvements**
* "Conditional access" automation option is now available to all users
without license restrictions.
* Enhanced conditional access detection for both Okta and Microsoft
Entra identity providers.
* Improved conditional access setup process with clearer provider
information display based on your configuration.
<sub>✏️ Tip: You can customize this high-level summary in your review
settings.</sub>
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Fixing unreleased Okta IdP signing cert issue which prevented from
setting up Okta conditional access.
## Testing
- [x] QA'd all new/changed functionality manually
For unreleased bug fixes in a release candidate, one of:
- [x] Confirmed that the fix is not expected to adversely impact load
test results
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Enhanced the IdP signing certificate download feature with an
interactive button that provides real-time loading indicators and
improved error handling. Users now receive immediate feedback during the
download process with helpful error messages if any issues occur.
* **Chores**
* Removed unused import references.
<sub>✏️ Tip: You can customize this high-level summary in your review
settings.</sub>
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: jacobshandling <61553566+jacobshandling@users.noreply.github.com>
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#36762
<img width="852" height="624" alt="Screenshot 2025-12-05 at 1 07 26 PM"
src="https://github.com/user-attachments/assets/f8624566-faaf-4c56-a1b5-608ea2bb976d"
/>
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Changes file added for user-visible changes in `changes/
- [x] QA'd all new/changed functionality manually
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#34539
Figma:
https://www.figma.com/design/OgQ8SyLK8Sw5thXtF1eiNP/-31909-Conditional-access-w--Okta
Requires backend PR https://github.com/fleetdm/fleet/pull/35526 to view
Apple profile.
# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
## Testing
- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added Okta as a conditional access provider alongside Microsoft Entra
* Users can now configure both identity providers simultaneously or use
either independently
* Updated configuration interface with new Okta-specific settings
* Redesigned UI with separate provider cards for improved clarity
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Jacob Shandling <jacob@shandling.dev>
