Okta Mobile extends the easy to use Single Sign-On (SSOAn acronym for single sign-on. In a SSO system, a user logs in once to the system and can access multiple systems without being prompted to sign in for each one. Okta is a cloud-based SSO platform that allows users to enter one name and password to access multiple applications. Users can access all of their web applications, both behind the firewall and in the cloud, with a single sign in. Okta provides a seamless experience across PCs, laptops, tablets, and smartphones.) experience of Okta to your iPad, iPhone, or Android device. When you launch the Okta Mobile application, you instantly get one-click access to all of your applications. It is also used to begin end user enrollment into Okta Mobility Management.
Note: Okta Mobile is included with Okta's SSO product and does NOT require purchase of Okta Mobility Management (OMMAn acronym for Okta Mobility Management. OMM enables you to manage your users' mobile devices, applications, and data. Your users enroll in the service and can then download and use managed apps from the Apps Store. Managed apps are typically work-related, such as Box or Expensify. As an administrator, you can remove managed apps and associated data from users' devices at any time. You can configure policies, such as data sharing controls, on any of your managed apps. See Configuring Okta Mobility Management for more information.), our device management product (see Configure Okta Mobility Management for more information).
You can download and install the Okta Mobile appAn abbreviation of application. Essentially, it is a web-based site used to perform any number of specific tasks, and requires authentication from end users by signing in. according to your phone format. The iPhone and iPad versions can be accessed through the Apple Store, and the Android version can be obtained from the Google Play Store. Simply search for Okta Mobile in the appropriate store.
Okta also provides an alternative way to access the Android version of Okta Mobile, useful in places where the Google Play Store is not available. See Distributing Okta Android Apps in China for details.
Signing On for the First Time
When you first launch Okta Mobile, you are asked to enter your company name and Okta credentials (username and password). If you have enabled multifactor authentication for your organization, your end usersIn Okta literature, we generally refer to "end users" as the people who have their own Okta home page (My Applications), using chiclets to authenticate into all of their apps. End users do not have any administrative control. When we refer to "users" we are generally referring to the individual(s) who have administrative control. are required to complete the extra factor request to sign in.
Your end usersIn Okta literature, we generally refer to "users" as the people who serve as Okta administrators. When we refer to "end users" we are generally referring to the people who the administrators serve. That is, those who use Okta chiclets to access their apps, but have no administrative control. are prompted to set a PIN. This ensures that no one can gain access to their Okta apps if their mobile devices are lost or stolen. If end users forget their PINs, they can click the Sign Out • Reset PIN link on the Enter your PIN dialog.
This is an Early Access feature. To enable it, please contact Okta Support.
Beginning with Okta Mobile 3.2.2 for Android, end users who have Android 6.0+ devices with fingerprint sensor can use their fingerprint to unlock the Okta Mobile app.
When end users first download or update to Okta Mobile 3.2.2 or greater, they will be prompted to turn on fingerprint verification if they already have a fingerprint set up on their device. Otherwise, they must first set up a fingerprint in their device Security settings, then tap the Use fingerprint to sign in toggle in Okta Mobile Settings. If they attempt to turn on fingerprint sign-in without a fingerprint set up, they will receive a prompt that takes them to their device settings to set one up.
If your end users use Okta Mobile to enroll in OMM with Android for Work, they must re-enable fingerprint verification after enrollment. Users with Android 7.0+ devices must set up a separate fingerprint for their work profile, then return to Settings in the Okta Mobile app to turn on fingerprint verification.
As soon as you launch Okta Mobile, your Home page opens.
iOS Devices: If you are using an iOS device, your applications are displayed in a chiclet view (Tile View), much like Okta's web application:
You can change the display to a list of applications via the Settings menu.
- Android Devices: If you are using an Android device, your applications are also displayed in a chiclet view; however, there is no list view available.
Your end users are only able to edit credentials for the apps that you allow. To edit the apps for which you have permitted editing, end users must do the following:
From your Okta Mobile Home page, find the app that requires a credential change.
Edit your credentials as follows:
- iOS Devices: Tap and hold the app icon. An App Settings screen appears displaying your Username and Password. If you have permissions to edit your password, that field will be editable. Type in a new password, then click Done.
- Android Devices: Tap and hold the app icon. A Settings screen appears. If you have permissions to edit your password, that field will be editable. Type in a new password, then click Save.
Any password changes you make to your applications in the Okta mobile application are automatically remembered by the Okta Service, so if you access Okta using your desktop or iPhone, the app's old password is automatically updated.
Note: This feature is only available for iOS devices.
You can now print the content of the Okta Mobile browser to any AirPrint-enabled printer.
To print, touch the new printer button in the lower right to display the printing options:
Note: This feature is only available for iOS devices.
You can change your Okta password directly on your device.
To change your password:
- Select the menu icon on your Okta Mobile Home page.
- Select Settings > Change Password.
- Type in, then confirm a new password.
- Click Done.
Select Devices > Mobile Policies from the Administrator Dashboard to access administrative tasks for Okta Mobile.
Examples of Administrative tasks are Passcode Policy settings such as Require Device Password, Maximum Passcode Age, etc.
You can determine whether a given application is visible in Okta Mobile. Use this setting to hide applications that are not mobile-ready.
To hide an application from Okta Mobile, do the following:
- From the Administrator Dashboard, select Applications
- Select the app you want to hide from Okta Mobile.
- On the General tab, select Edit in the App Settings section.
- For Application visibility, check Do not display application icon in the Okta Mobile App.
- Click Save.
For certain apps, enabling SAMLAn acronym for Security Assertion Markup Language, SAML is an XML-based standard for exchanging authentication and authorization data between an identity provider (IdP) and a service provider (SP). The SAML standard addresses issues unique to the single sign-on (SSO) solution, and defines three roles: the end user, the IDP, and the SP. means that end users are not able to sign in using their regular sign-on page and must access the app through the Okta service.
Note: Most of these apps provide a backup URL from which users can sign in using their normal username and password.
The ability to access mobile versions of these apps, enabled for SAML, depends on the application itself. Apps such as SFDC and Box support SAML in their mobile applications; however, there are some ISVs that still require a login username and password for mobile support. To confirm the status of your mobile support, check with the affected ISVs.
Beginning with Okta Mobile 5.0 for iOS and 2.16.0 for Android, an enhanced enrollment flow helps your end-users understand their device privacy status when their device(s) are managed by IT. This increases your end user’s visibility into which kinds of data are private and what is company accessible.
The following steps assume that you have enabled OMM and created one or more mobile policies. For details about creating policies for iOS or Android, see Configuring Mobile Policies.
Once you have enabled policies for your end-users, they will immediately be prompted with the following enrollment flow when they sign into Okta Mobile.
End User Configuration
End users have three options to proceed:
- Get Started begins the end user enrollment of OMM.
- Learn how we protect your privacy provides a list of adminAn abbreviation of administrator. This is the individual(s) who have access to the Okta Administrator Dashboard. They control the provisioning and deprovisioning of end users, the assigning of apps, the resetting of passwords, and the overall end user experience. Only administrators have the Administration button on the upper right side of the My Applications page. accessible data on the end-user’s device, once connected, as shown below.
- Skip allows users to come back later.
If the end user chooses to skip enrollment, they are immediately brought into their Okta App page. Selecting Learn More takes them back into the OMM starting page, allowing them another opportunity to enroll. This can also be accessed from the app Settings section of the app.
Once enrolled, end-users can view their device status from the Settings screen. From here, they can also re-enroll if they have previously un-enrolled from OMM.