Okta Mobile delivers Okta's simple Single Sign-On (SSOAn acronym for single sign-on. In a SSO system, a user logs in once to the system and can access multiple systems without being prompted to sign in for each one. Okta is a cloud-based SSO platform that allows users to enter one name and password to access multiple applications. Users can access all of their web applications, both behind the firewall and in the cloud, with a single sign in. Okta provides a seamless experience across PCs, laptops, tablets, and smartphones.) experience to your iPad, iPhone, or Android device. When you launch the Okta Mobile application, you instantly get one-click access to all of your applications. It is also used to begin end user enrollment into Okta Mobility Management.
Note: Okta Mobile is included with Okta's SSO product and does NOT require purchase of Okta Mobility Management (OMMAn acronym for Okta Mobility Management. OMM enables you to manage your users' mobile devices, applications, and data. Your users enroll in the service and can then download and use managed apps from the Apps Store. Managed apps are typically work-related, such as Box or Expensify. As an administrator, you can remove managed apps and associated data from users' devices at any time. You can configure policies, such as data sharing controls, on any of your managed apps. See Configuring Okta Mobility Management for more information.), our device management product (see Configure Okta Mobility Management for more information).
The Okta Mobile appAn abbreviation of application. Essentially, it is a web-based site used to perform any number of specific tasks, and requires authentication from end users by signing in. is available for iOS in the Apple App Store and for Android in the Google Play Store. Simply search for Okta Mobile in the appropriate store.
Okta also provides an alternative way to access the Android version of Okta Mobile, useful in places where the Google Play Store is not available. See Distributing Okta Android Apps in China for details.
Signing On for the First Time
When you first launch Okta Mobile, you are prompted to enter your company name and Okta credentials (username and password). If you have enabled multifactor authentication for your organization, your end usersIn Okta literature, we generally refer to "end users" as the people who have their own Okta home page (My Applications), using chiclets to authenticate into all of their apps. End users do not have any administrative control. When we refer to "users" we are generally referring to the individual(s) who have administrative control. are required to complete the extra factor request to sign in.
Important: When signing in to Okta Mobile for the first time, you may encounter a network error if you enter an incorrect value in the Site name field such as your company domain name (for example, acme.com) or your email address (for example, email@example.com). To avoid this, make sure to enter only your Okta orgAn abbreviation of organization, but can also be thought of as a company. A company that uses Okta as their SSO portal is generally referred to as an org. As an administrator, you decide how Okta should be displayed and/or integrated with your org. URL in the Site name field (for example, acme.okta.com).
Your end usersIn Okta literature, we generally refer to "users" as the people who serve as Okta administrators. When we refer to "end users" we are generally referring to the people who the administrators serve. That is, those who use Okta chiclets to access their apps, but have no administrative control. are prompted to set a PIN. This ensures that no one can gain access to their Okta apps if their mobile devices are lost or stolen. If end users forget their PINs, they can click the Sign Out • Reset PIN link on the Enter your PIN dialog.
This is an Early Access feature. To enable it, please contact Okta Support.
End users can also unlock the Okta Mobile app with a fingerprint.
Note: Fingerprint authentication for iOS and Android are separate features. If you want to enable fingerprint authentication for both your iOS and Android end users, you will need to ask for them both.
Requirements and Setup on iOS Devices
- Okta Mobile 5.10.1 for iOS
- iPhone 5S or later, iPad (5th generation), iPad Pro, iPad Air 2, or iPad mini 3 or later
If an end user already has a fingerprint set up on their device, they will be prompted to turn on fingerprint verification when they first download or update to iOS Okta Mobile 5.10.1 or greater. Otherwise, they must first set up TouchID on their device, then tap the Use TouchID to sign in toggle in Okta Mobile Settings.
Requirements and Setup on Android Devices
- Okta Mobile 3.2.2 for Android
- Android 6.0+ device with a fingerprint sensor
If an end user already has a fingerprint set up on their device, they will be prompted to turn on fingerprint verification when they first download or update to Okta Mobile 3.2.2 or greater. Otherwise, they must first set up a fingerprint in their device Security settings, then tap the Use fingerprint to sign in toggle in Okta Mobile Settings.
If your end users use Okta Mobile to enroll in OMM with Android for Work, they must re-enable fingerprint verification after enrollment. Users with Android 7.0+ devices must set up a separate fingerprint for their work profile, then return to Settings in the Okta Mobile app to turn on fingerprint verification.
As soon as you launch Okta Mobile, your Home page opens.
iOS Devices: If you are using an iOS device, your applications are displayed in a chiclet view (Tile View), much like Okta's web application:
You can change the display to a list of applications via the Settings menu.
- Android Devices: If you are using an Android device, your applications are also displayed in a chiclet view; however, there is no list view available.
Your end users are only able to edit credentials for the apps that you allow. To edit the apps for which you have permitted editing, end users must do the following:
From your Okta Mobile Home page, find the app that requires a credential change.
Edit your credentials as follows:
- iOS Devices: Tap and hold the app icon. An App Settings screen appears displaying your Username and Password. If you have permissions to edit your password, that field will be editable. Type in a new password, then click Done.
- Android Devices: Tap and hold the app icon. A Settings screen appears. If you have permissions to edit your password, that field will be editable. Type in a new password, then click Save.
Any password changes you make to your applications in the Okta mobile application are automatically remembered by the Okta Service, so if you access Okta using your desktop or iPhone, the app's old password is automatically updated.
Note: This feature is only available for iOS devices.
You can now print the content of the Okta Mobile browser to any AirPrint-enabled printer.
To print, touch the new printer button in the lower right to display the printing options:
Note: This feature is only available for iOS devices.
You can change your Okta password directly on your device.
To change your password:
- Select the menu icon on your Okta Mobile Home page.
- Select Settings > Change Password.
- Type in, then confirm a new password.
- Click Done.
Select Devices > Mobile Policies from the Administrator Dashboard to access administrative tasks for Okta Mobile.
Examples of Administrative tasks are Passcode Policy settings such as Require Device Password, Maximum Passcode Age, etc.
You can determine whether a given application is visible in Okta Mobile. Use this setting to hide applications that are not mobile-ready.
To hide an application from Okta Mobile, do the following:
- From the Administrator Dashboard, select Applications
- Select the app you want to hide from Okta Mobile.
- On the General tab, select Edit in the App Settings section.
- For Application visibility, check Do not display application icon in the Okta Mobile App.
- Click Save.
For certain apps, enabling SAMLAn acronym for Security Assertion Markup Language, SAML is an XML-based standard for exchanging authentication and authorization data between an identity provider (IdP) and a service provider (SP). The SAML standard addresses issues unique to the single sign-on (SSO) solution, and defines three roles: the end user, the IDP, and the SP. means that end users are not able to sign in using their regular sign-on page and must access the app through the Okta service.
Note: Most of these apps provide a backup URL from which users can sign in using their normal username and password.
The ability to access mobile versions of these apps, enabled for SAML, depends on the application itself. Apps such as SFDC and Box support SAML in their mobile applications; however, there are some Independent Software Vendors (ISVs) that still require a login username and password for mobile support. To confirm the status of your mobile support, check with the affected ISVs.