Configure OMM

Okta Mobility Management (OMM) allows you to manage your end users' computers, mobile devices, applications, and data. Your end users enroll in the service and can then download and use managed apps from the Apps Store. Managed apps are typically work-related, such as Box or Concur. As an administrator, you can remove managed apps and associated data from end users' devices at any time. You can configure policies, such as data sharing controls, on any of your managed apps.

  • The OMM menu is only available to orgs that implement Okta Mobility Management (OMM).
  • Procedures documented on this page are only available to customers who have already purchased OMM for their organization. New OMM sales are not supported. For more information, contact Okta Support.

Before you begin

  • Make sure end user devices are running the supported OS version.
  • Make sure Okta Mobile is installed on end user devices.
  • For the Okta Mobility Management enrollment process to succeed, Okta Mobile must be installed on end-user devices.

    Note the following:

    • iOS: Following OMM enrollment, any security policies that you configure remain active even if end users delete Okta Mobile from their device.
    • Android: Android device users cannot delete Okta Mobile from their devices unless they unenroll from OMM.
  • iOS and macOS devices: Create an Apple ID at so that you can complete the Apple Push Notification Service setup.
  • iOS devices only: Review the Known Issue concerning Apple iOS 10.
  • Make sure groups are created in your org before you configure mobile policies. You can create groups in Okta or import them from your directory. For more information, see Add and use groups.


  1. Enable OMM enrollment.

  2. See Enable OMM enrollment.

  3. If required, manage your Apple Push Notification (APNS) certificates.

  4. See Manage Apple Push Notification (APNS) Certificates.

  5. If required, renew APNS certificates.

  6. See Renew APNS Certificates.

  7. If desired, disable the Wipe All Device Data option.

  8. See Disable the Wipe All Device Data option.

  9. Restrict OMM enrollment based on device status and OS

  10. See Restrict OMM enrollment based on device status and OS.

  11. Add users. If you already imported your users, proceed to the next step. If not, there are many ways to add users to your org. You can import them as described in Importing People or by individually adding them as described in Adding People. You can import users from your existing directories as well. Refer to Available Directory Integrations for information on importing users from Active Directory, LDAP, and other directories.

  12. Add and use Groups. Okta Mobility Management security policies are configured and enforced at the group level. You cannot assign policies to individual users. You can add groups in Okta or use groups that you have imported from directories or apps. For more information about adding groups in Okta, refer to the Groups section in Manage People. For a complete overview of using groups in Okta, including detailed descriptions of importing groups from directories, refer to About Groups.

  13. Pre-configure Managed Application Configuration

  14. See Pre-configure Managed Application Configuration.

  15. Set up end users

  16. See End User Setup.

Related topics