Okta Mobile Safari Extension
The Okta Mobile Safari Extension lets Okta Mobile end users SSO in to SWA and SAML apps directly from Safari without having to open Okta Mobile.
Note: This functionality requires iOS Okta Mobile v. 5.6 or above.
- When a mobile end-user clicks a link within an email to an app, the app typically opens in Safari. Users gain immediate access to their apps even if they were not previously signed in to their Okta Mobile account. User experience is improved with access to these deep links directly from an email.
- End users can perform SP-initiated sign on to SWA and SAML apps in Mobile Safari.
- Admins can enable or disable this function for SAML apps.
- From the Admin Dashboard, go to Security > General.
- Scroll down to the Okta Mobile section.
- Under Okta Extension for iOS, note the Sign on to SAML apps check-box.
The Sign on to SAML apps setting allows the Safari Extension to share the Okta Mobile session with Safari. The session lasts for 2 minutes and is then dropped. An end user can sign in to SAML apps by entering only their Okta Mobile PIN (assuming Okta Mobile has a valid session with Okta).
This option is enabled by default. Disable it if you don't want to allow seamless SAML access to Safari. When disabled, only SWA apps are accessible via the extension. A message is presented to end users indicating that SAML apps are not supported in their Safari mobile browser.
To enable the Okta Mobile Safari Extension, end users must perform a one-time configuration.
- Tap the open-in icon at the bottom of the Mobile Safari browser.
- Swipe right to reach the end of the options, then tap More.
- Locate the Okta Mobile Safari Extension, enable it, then drag it to the top of the list.
The extension appears when you tap the open-in icon in Mobile Safari.
If an end user is using Mobile Safari, they can use the extension to fill their sign-on forms.
- In Mobile Safari, open the sign-on page of an app, such as Atlassian Cloud. Tap the open-in icon.
- Select the Okta extension.
Do the either of following depending on whether you are signed-in to Okta Mobile:
If signed into Okta
Confirm your Okta pin, then wait for your credentials to load.
If not signed into Okta
- The Okta sign on screen appears. Enter your credentials, including MFA (if configured).
- You are prompted to create, then confirm a new Okta PIN.
- Wait for your credentials to load.
- Tap the app.
The credentials are auto-populated and you are signed in.