Enterprise users can log in to the Magic Leap device and the Device Manager using their enterprise credentials. The Device Manager uses a third-party identity management solution, Okta, to manage authentication. Any identity source that is compatible with Okta (Active Directory or LDAP) can be used as a single sign-on solution for Magic Leap devices. The diagram below shows how Magic Leap manages the connection between Okta and both the Device Manager and the Magic Leap device. The connection from Okta to the enterprise user database is managed by the enterprise customer. For more information on this connection, visit the links at the bottom of this article.
Access to the Device Manager
To log in to the Device Manager, one or more individuals identified within your organization will need to be granted permission within Okta by Magic Leap. Administrator roles will be determined by a custom group within Okta. Once the initial administrator is added by the Magic Leap team, any additional administrators will need to mirror that administrator's group memberships to properly access the Device Manager. Please note that group membership will ONLY be for users who need to configure and manage devices within your organization.
This group may also be synced from a compatible Active Directory or LDAP directory using the Okta group sync feature. The screenshot below shows how to add a user to a specific group directly in Okta.
There are no additional permissions inside the Device Manager. All features of the Device Manager are available to any user with the permission to log into the site.
For best practices in configuring Okta for your environment, please review these articles from Okta.