mirror of
https://github.com/fleetdm/fleet
synced 2026-05-23 08:58:41 +00:00
e51561914b
This pull request updates the Okta Verify on Windows SCEP configuration documentation and profile to simplify deployment with Fleet and reduce manual steps. The changes make the process more reliable by standardizing variable usage, improving instructions, and automating certificate enrollment. **Key improvements and changes:** **Documentation and workflow simplification:** - The guide in `articles/enable-okta-verify-on-windows-using-a-scep-configuration-profile.md` was rewritten for clarity and to reflect the new automated approach. Manual editing of XML and scripts is no longer needed; Fleet-managed variables and secrets now handle all required values. Steps for gathering prerequisites, deploying, verifying, and renewing certificates are streamlined, and troubleshooting guidance is expanded. - The subject name in the certificate is now set to use the hardware serial (`$FLEET_VAR_HOST_HARDWARE_SERIAL`) instead of the host UUID, improving uniqueness and traceability. ([docs/solutions/windows/configuration-profiles/install Okta attestation certificate - [Bundle].xmlL77-R89](diffhunk://#diff-d8fc2c8add5725599bdc41a7b417dc3978cfc34eb6fcb8950db513f2b5799aa5L77-R89)) **Secret management and security:** - The configuration profile now references Fleet secrets (`$FLEET_SECRET_OKTA_SCEP_URL`, `$FLEET_SECRET_OKTA_SCEP_CHALLENGE`, `$FLEET_SECRET_OKTA_CA_THUMBPRINT`) directly, removing the need for manual substitution and reducing risk of misconfiguration. ([docs/solutions/windows/configuration-profiles/install Okta attestation certificate - [Bundle].xmlL98-R141](diffhunk://#diff-d8fc2c8add5725599bdc41a7b417dc3978cfc34eb6fcb8950db513f2b5799aa5L98-R141)) **Automated certificate enrollment:** - An `<Exec>` command is added to the XML profile to automatically trigger SCEP enrollment upon deployment, further reducing manual intervention. ([docs/solutions/windows/configuration-profiles/install Okta attestation certificate - [Bundle].xmlL98-R141](diffhunk://#diff-d8fc2c8add5725599bdc41a7b417dc3978cfc34eb6fcb8950db513f2b5799aa5L98-R141)) These changes make the Okta Verify SCEP configuration for Windows much easier to deploy and maintain, with improved automation and clearer instructions. --------- Co-authored-by: Brock Walters <153771548+nonpunctual@users.noreply.github.com> |
||
|---|---|---|
| .. | ||
| 01-Using-Fleet | ||
| Configuration | ||
| Contributing | ||
| Deploy | ||
| files | ||
| Get started | ||
| images | ||
| REST API | ||
| solutions | ||
| mdm-commands.yml | ||
| queries.yml | ||
| README.md | ||
| scripts.yml | ||
Fleet documentation
Welcome to the documentation for Fleet, the lightweight management platform for laptops and servers.
You can also read the Fleet docs over at https://fleetdm.com/docs.
Using Fleet
Resources for using the Fleet UI, fleetctl CLI, and Fleet REST API.
Deploying
Resources for installing Fleet's infrastructure dependencies, configuring Fleet, deploying osquery to hosts, and viewing example deployment scenarios.
Contributing
If you're interested in interacting with the Fleet source code, you'll find information on modifying and building the code here.
If you have any questions, please don't hesitate to File a GitHub issue or join us on Slack. You can find us in the #fleet channel.