Okta Mobile Safari Extension

With the Okta Mobile Safari Extension, Okta Mobile users can access Secure Web Authentication (SWA) and Security Assertion Markup Language (SAML) apps by single sign-on (SSO) directly from Safari without having to open Okta Mobile.

This functionality requires iOS Okta Mobile 5.6 or a later version.

As an administrator, you can enable this function for SAML apps to achieve benefits, such as:

  • When mobile users clicks a link to an app within an email, the app typically opens in Safari. Users gain immediate access to their apps even if they were not previously signed in to their Okta Mobile account. Users can access deep links directly from an email.
  • End users can perform SP-initiated sign on to SWA and SAML apps in Mobile Safari.

Enable Mobile Safari Extension in Okta

  1. In the Admin Console, go to Security > General.
  2. Scroll down to the Okta Mobile section.
  3. Under Okta Extension for iOS, note the Sign on to SAML apps check-box. This option is enabled by default. If it's not enabled, click Edit, select the check box, and save your change.

    The Sign on to SAML apps setting allows the Safari Extension to share the Okta Mobile session with Safari. The session lasts for 2 minutes and is then dropped. An end user can sign in to SAML apps by entering only their Okta Mobile PIN (assuming Okta Mobile has a valid session with Okta).

    Disable this option if you don't want to allow seamless SAML access to Safari. When disabled, only SWA apps are accessible via the extension. A message is presented to end users indicating that SAML apps are not supported in their Safari mobile browser.

Next steps

To enable the Okta Mobile Safari Extension, end users must perform a one-time configuration. See Okta Mobile Safari Extension (Documentation for end users).