Add an iOS platform rule

  • The OMM menu is only available to orgs that implement Okta Mobility Management (OMM).
  • Procedures documented on this page are only available to customers who have already purchased OMM for their organization. New OMM sales are not supported. For more information, contact Okta Support.

  1. In the Admin Console, go to OMM > OMM Policies.

  2. Click the required device policy.

  3. Click Add Platform Rule.

  4. Select iOS.

  5. Choose one of the following:
    • Allow devices: Select this option to allow users to enroll their macOS device through OMM, and then click Next. Proceed to the next step.
    • Deny devices: Select this option to prevent users from enrolling their macOS device through OMM, and then click Save. The procedure is complete.
  6. Configure iOS passcode requirements:
    • Required or optional: Select if you want to require users to enter a device passcode. If so, specify the following:
      • Allow simple value: Select if you want to allow end-users to use repeating or increasing/decreasing characters (such as "123" or "CBA").
      • PIN minimum length: Specify the minimum PIN length (from 4 to 30).
      • Characters: Specify whether passcodes must contain at least one letter and/or at least one symbol.
      • Expiration: Specify whether passcodes never expire (the default), or the number of days they are valid before expiration (Max age), and how many distinct passcodes a user must create before they can reuse a previous passcode (History limit).
      • Failed attempts before wipe: Specify the maximum number of times end users can enter the wrong passcode before their device is wiped. Note the following:
        • Select Unlimited attempts if you never want to wipe a device because of failed passcode attempts.
        • Devices are not wiped if users enter the wrong passcode less than 4 times.
        • You can allow up to 10 failed attempts before the device is wiped.
  7. Configure iOS lock timing settings:
    • Turn display off: Specify how long a user can be inactive before the display is turned off.
    • Then require passcode: Specify how long after the display is turned off (either via the auto-lock or manually by the user) that the user must enter their passcode to unlock the device.
  8. Configure iOS data separation settings, to specify whether to allow Okta-managed apps to access and share data with other unmanaged apps (and vice versa) on a device:
    • Managed to persona: Select to allow Managed apps to transfer data to personal apps.
    • Personal to managed: Select to allow Personal apps to transfer data to managed apps.
  9. Configure iOS permissions settings:
    • Wipe all device data: Specify if the disable wipe all device data permission is enabled.

  10. Click Save.

Next steps