mirror of
https://github.com/fleetdm/fleet
synced 2026-05-24 09:28:54 +00:00
Conditional access
Fleet's conditional access feature lets IT and security teams enforce access controls on macOS and Windows hosts based on policy status. When a host fails a particular policy in Fleet, access to third-party apps can be blocked until the issue is resolved.
Fleet currently has built-in conditional access integrations with Okta (macOS only) and Entra (macOS and Windows).
How it works
- IT enables the conditional access automation for the policies that determine access.
- Fleet evaluates policies on each host.
- Fleet communicates compliance status to the identity provider (IdP).
- The IdP enforces access decisions, blocking users who are failing the policies from logging into protected apps.
- Users remediate issues on their hosts and refetch to verify. Once the host passes all required policies, access is restored.