Wipe data from a device

When you select a wipe option:

  • Online devices are wiped and unenrolled from OMM when they come online (cellular or WiFi).
  • Offline devices are not wiped until they come online. Until the devices are online, users can access corporate data on the device, and admins may see the device Status as Enrolled, on the Okta Admin Console OMM page.

The Devices page has two data wipe options:

Wipe only company data from a device

When you wipe company data from a device, managed apps and configurations are removed from the device, and the device is unenrolled from OMM. Wiped devices are listed as Deprovisioned in the Status column of the upper dashboard and in the downloadable CSV report. When a user is deactivated from Okta, their OMM-enrolled device is automatically deprovisioned and all company-managed apps and data are removed from the device in OMM. If the user is reactivated later, they must re-enroll their device. Wiping company data does not require end-user confirmation. After you wipe a device of company data, users see the effects of the wipe the next time they sign in.

Complete this procedure before you unenroll a user from OMM. Discourage users from removing or unenrolling from OMM themselves; otherwise, the Okta servers may never detect the removal (for example, if there is a poor network connection or if the device is offline). This creates a scenario in which a deprovisioned device is still shown as Enrolled on the OMM page. This scenario can occur regardless of a device's rooted or jailbroken status.

  1. Find the device you want to wipe:
    1. In the Admin Console, go to DirectoryPeople.
    2. Click the user whose device you want to wipe of company data.
    3. Click the OMM tab.
    4. In the Device Name column, locate the device you want to wipe.

    You can also find the device by going to OMMOkta Mobility Managment. In the Device Name & User column, locate the device you want to wipe.

  2. In the Actions column, click the icon, and then click Wipe Company Data.

    3. Okta-managed native apps are wiped. Personal apps, content, and settings are not wiped. (You can also do this from the Device Attributes page using the Device Actions drop-down menu.)

When a user is deleted from Okta, their device no longer appears in the device report.

See Generate a device report for information about generating reports.

Wipe all data from a device

Note about the Wipe All Device Data option:

The Wipe All Device Data option is enabled by default but you can disable it on a per-iOS mobile policy basis for new OMM enrollments. When disabled, the Wipe All . . . option is unavailable in the Device Actions menu for iOS devices that:

  • Are covered by the relevant iOS mobile policy.
  • Enrolled in OMM after the Wipe All . . . option was disabled in the mobile policy. The Wipe All . . . option is still available for iOS devices that enrolled in OMM before the option was disabled.

  1. In the Admin Console, go to OMMOMM Policies.
  2. Select a policy in the left pane.
  3. Under Platforms, locate the rule for the relevant iOS device, and then click the pencil icon.
  4. In the Edit iOS Rule dialog box, click Next to advance to the second screen.
  5. Scroll down to the IOS permissions section, and then select Disable wipe all device permission.

  6. Click Save.

When you wipe all data from a device, all apps and data are removed from the device, and the device is returned to its factory settings. Like the Wipe Company Data option, this option also unenrolls the device from OMM. Once wiped, these devices are listed as Deprovisioned under the Status column and the device appears in the device report as Deprovisioned. If the user is reactivated later, they must re-enroll their device.

  1. In the Admin Console, go to OMMOkta Mobility Management.

  2. In the Device Name & User column, click the device you want to wipe.

  3. On the Device Attributes page, click the Device Actions drop-down menu, and then click Wipe All Device Data.

    All apps and data are wiped from the device, and the device is restored to its factory settings. You can disable this option on a per-iOS policy basis. For details, click the Important to know before you begin> link above.