Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-05-21 07:58:31 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 110
fleet/it-and-security
History
Mitch Francese aff7baf3f6
Pilot deployment of Okta Verify (#38646) 
This pull request introduces new configuration profiles to support Okta
conditional access for macOS devices, specifically targeting the
Information Technology department. It also updates the GitHub Actions
workflow to include a new secret for the Okta CA certificate.
Additionally, it removes the `workstations-canary` team configuration,
likely as part of a cleanup or migration.

The most important changes are:

**Conditional Access and Okta Integration:**

* Added a new configuration profile,
`fleet-okta-conditional-access.mobileconfig`, to manage trusted CA
certificates, SCEP enrollment, mTLS identity preferences, and Chrome
mTLS auto-selection for Okta conditional access on macOS. This profile
is applied to devices labeled with "Department: Information Technology".
[[1]](diffhunk://#diff-904aba5588b0d2c8dc325414aa1e8f2cd8a324602ac8e0c1cd2a5dff28db357bR1-R157)
[[2]](diffhunk://#diff-96f80858f5a487334ae6014cddaa65d1bb79d7e85fa0ea596d1e49063f5b99bdR72-R77)
* Added a new configuration profile,
`okta-verify-settings.mobileconfig`, to configure privacy preferences,
managed login items, notification settings, and Okta Verify app settings
for macOS devices in the Information Technology department.
[[1]](diffhunk://#diff-b321656e070ad9cb0727fe7ced60565d88bf31d236ac2642d3192fcb375fa4b2R1-R129)
[[2]](diffhunk://#diff-96f80858f5a487334ae6014cddaa65d1bb79d7e85fa0ea596d1e49063f5b99bdR72-R77)

**Workflow and Secrets Management:**

* Updated the GitHub Actions workflow (`dogfood-gitops.yml`) to include
the `DOGFOOD_OKTA_CA_CERTIFICATE` secret, supporting the new Okta
conditional access configuration.

**Configuration Cleanup:**

* Removed the `workstations-canary.yml` team configuration, eliminating
its policies, software, scripts, and settings.

---------

Co-authored-by: Allen Houchins <32207388+allenhouchins@users.noreply.github.com>
Co-authored-by: Allen Houchins <allenhouchins@mac.com>
2026-01-28 16:24:21 -06:00
..
lib Pilot deployment of Okta Verify (#38646) 2026-01-28 16:24:21 -06:00
teams Pilot deployment of Okta Verify (#38646) 2026-01-28 16:24:21 -06:00
default.yml Rename "📱🏢 Company-owned mobile devices" to "📱🏢 Employee-issued mobile devices" (#38907) 2026-01-27 22:18:33 -06:00