Okta Mobility Management with Android for Work

Android for Work, or Android in the enterprise, is Google's solution to enterprise mobility management. Enrolling an end user in Okta Mobility Management (OMM) through Android for Work creates an encrypted, containerized Work profile on their device, and installs a managed Google Play store. These allow you to assign separate managed versions of work apps, like Box or Outlook, as well as selectively wipe company data from an end user's device, while leaving their personal data intact.

Supported Versions of Android

Android for Work is supported on devices running Android 5.1.1 (L) and above.

Note: If you enable Android for Work, we strongly recommend you deploy Google Chrome to your OMMAn acronym for Okta Mobility Management. OMM enables you to manage your users' mobile devices, applications, and data. Your users enroll in the service and can then download and use managed apps from the Apps Store. Managed apps are typically work-related, such as Box or Expensify. As an administrator, you can remove managed apps and associated data from users' devices at any time. You can configure policies, such as data sharing controls, on any of your managed apps. See Configuring Okta Mobility Management for more information. usersIn Okta literature, we generally refer to "users" as the people who serve as Okta administrators. When we refer to "end users" we are generally referring to the people who the administrators serve. That is, those who use Okta chiclets to access their apps, but have no administrative control. in order to prevent unexpected behavior on certain older Android devices. See Enable access to managed mobile apps for information on deploying managed apps.

Note: When a work profile is configured on an Android O device, Google Chrome is automatically installed. This prevents Okta Mobile and other apps that use web views from crashing due to a bug in Android O. See the Google documentation of the bug for details.

Set up Android for Work

See Setting up Android for Work in Okta for instructions.

Configure a Work profile passcode policy

OMM allows you to configure passcode policies for any supported Android device. These policies allow you to require your users to enter a passcode that meets your specifications to unlock their device. They are applied based on groupsGroups allow you to organize your end users and the apps they can access. Assigning apps to large sets of end users is made easier with groups. you create, which allows you to set different levels of access and security for different people.

For an additional level of flexibility, you can also set a separate work profile passcode policy for your users with Android 7.0+ devices. You can use this policy to require users to enter a passcode before accessing apps managed by their work profile, which allows you to set a more secure policy for accessing work resources than for accessing personal apps and data. This way, your users can easily access their personal resources without having to enter complex passwords, while still keeping company data safe and secure.

Note: Requires Okta Mobile 3.0 or above.

To set a work profile passcode policy, you must create or edit a device policy, then configure that policy's Android rule.


Known Issue

(Applies to Android devices running versions 7.1 or 7.1.1; fixed in 7.1.2) After an adminAn abbreviation of administrator. This is the individual(s) who have access to the Okta Administrator Dashboard. They control the provisioning and deprovisioning of end users, the assigning of apps, the resetting of passwords, and the overall end user experience. Only administrators have the Administration button on the upper right side of the My Applications page. strengthens a group's work profile passcode policy, end users are prompted to update their passcode to comply with the updated policy. However, when end users respond to the prompt, their device passcode is updated instead of their work profile passcode. If the end user's Security settings allow different device and work profile passcodes, they are prompted continually to update their work profile passcode until they change it in their device settings.


Related Resources

Configure Okta Mobility Management Policies

Configure Okta Mobility Management

Use Okta Mobile

Top