Upload Private apps to an app store

  • The OMM menu is only available to orgs that implement Okta Mobility Management (OMM).
  • Procedures documented on this page are only available to customers who have already purchased OMM for their organization. New OMM sales are not supported. For more information, contact Okta Support.

A private app is a native app (an internally developed enterprise app) that you create and distribute to your OMM-enrolled end users. End users obtain private apps from an app store accessible from their mobile device (the Mobile App Store for iOS device end users; Play for Work for Android device end users). If your app supports managed app configuration, see Managed Application Configurations to set up pre-configured key-value pairs that you can send to all managed apps installed by Okta Mobility Management (OMM).

  • Private apps do not appear on end users' desktop Okta Home page.
  • Be aware of these differences between the distribution of Android and iOS apps:
    • Android apps – You can upload public and private apps to the Google Play Store and then link to them from within Okta for distribution to your end users.
    • iOS apps – You can upload only private, enterprise-signed apps to Okta for distribution to your end users.

Upload a private native app

Android

Before You Begin

Procedure

  1. From the Okta Admin Dashboard, go to Applications > Applications > Add Application, and then click Create New App.

  2. From Platform, select Native app.

  3. Select a Sign on method and then click Create.

    None

    Select None if you do not want to require credentials or any other sign on method to access the app.

    To configure: Under General Settings, enter a Name for the app, and then click Finish.

    SAML 2.0

    A SAML integration provides Federated Authentication standards that allow end users one-click access to the app.

    To configure:

    1. Under General Settings, enter a Name for the app, then click Next.
    2. Configure your SAML authentication settings, then click Finish.

    OpenID Connect

    OpenID Connect is an identity layer on top of the OAuth 2.0 protocol. It verifies end-user identity and obtains profile information.

    To configure:

    1. Under General Settings, enter an Application Name for the app, then click Next.
    2. Under Configure OpenID Connect, add a Redirect URI, then click Finish.
  4. Click the Mobile tab.
  5. From the Add Native App drop-down menu, select Android App.

  6. Private apps cannot exceed 4GB.

  7. In the Upload Mobile App screen, enter the App Package ID, then click Configure App.

  8. Configure any other settings including Permissions (for details, see About Run Time Permissions below), then click Save.

Your app now appears within the Native Application list under the Mobile tab. Once deployed, it's available to your end users.

  • AfW enrollments – For OMM-enrolled users with an AfW enrollment (mandatory for Android 10+ devices; see Announcements), the app appears in a store for managed apps.

  • SAFE or Native enrollments – Private apps are not supported on Android SAFE or Native enrollment types.

iOS

Procedure

  1. From the Okta Admin Console, go to Applications > Applications > Add Application, then click Create New App.

  2. From Platform, select Native app.

  3. Select a Sign on method and then click Create.

    None

    Select None if you do not want to require credentials or any other sign on method to access the app.

    To configure: Under General Settings, enter a Name for the app, and then click Finish.

    SAML 2.0

    A SAML integration provides Federated Authentication standards that allow end users one-click access to the app.

    To configure:

    1. Under General Settings, enter a Name for the app, then click Next.
    2. Configure your SAML authentication settings, then click Finish.

    OpenID Connect

    OpenID Connect is an identity layer on top of the OAuth 2.0 protocol. It verifies end-user identity and obtains profile information.

    To configure:

    1. Under General Settings, enter an Application Name for the app, then click Next.
    2. Under Configure OpenID Connect, add a Redirect URI, then click Finish.
  4. Click the Mobile tab.
  5. From the Add Native App drop-down menu, select iOS App.

  6. Private apps cannot exceed 4GB.

  7. In the Upload Mobile App screen, browse to the App binary file.
  8. Click Save.

  9. Configure any other settings including Permissions (for details, see About Run Time Permissions below), then click Save.

Your app now appears within the Native Application list under the Mobile tab.

Once deployed, the app is available to OMM-enrolled iOS end users.

Other settings available for mobile apps are described in Enabling Access for Mobile Applications.

Update a private app for iOS

  1. Click Applications.
  2. Navigate to your private app.
  3. Click the Mobile tab.
  4. Click Edit.
  5. From the Where is the app located drop-down menu, choose Update app to new version.
  6. Click Browse to find your .ipa file. Keep the following in mind before uploading the new version:

Your app must:

  • Have a matching bundle ID.
  • Have a valid provisioning profile.
  • Have a higher version number than the existing version of the app.
  • Use version numbers with integers only. (Example: Ver 2.1.1). Use of any alphanumeric characters results in an error.
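
A pre-upload check for the four conditions above, as an added example (not Okta's code; all function names are hypothetical). It assumes the version in question is `CFBundleShortVersionString`, that the profile is at `embedded.mobileprovision` inside the `.app` directory, and that versions compare component by component; the page does not say how Okta compares them.

```python
import io, plistlib, re, zipfile
from datetime import datetime, timezone

INT_VERSION = re.compile(r"\d+(\.\d+)*")  # dot-separated integers only, e.g. 2.1.1

def read_ipa(data):
    """Return (Info.plist dict, profile dict or None). The profile's CMS signature is not verified."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = z.namelist()
        plist = next((n for n in names if re.fullmatch(r"Payload/[^/]+\.app/Info\.plist", n)), None)
        if plist is None:
            raise ValueError("no Payload/<name>.app/Info.plist in archive")
        info, profile = plistlib.loads(z.read(plist)), None
        prov = plist[:-len("Info.plist")] + "embedded.mobileprovision"
        if prov in names:
            raw = z.read(prov)  # binary envelope wrapped around an XML plist
            start, end = raw.find(b"<?xml"), raw.find(b"</plist>")
            if 0 <= start < end:
                profile = plistlib.loads(raw[start:end + len(b"</plist>")])
    return info, profile

def vtuple(version):
    # Compare numerically; trailing zero components are dropped so 2.1.0 == 2.1.
    return tuple(int(p) for p in re.sub(r"(\.0+)+$", "", version).split("."))

def check_update(new_ipa, current_bundle_id, current_version, now=None):
    """Return a list of problems; an empty list means all four conditions hold."""
    now = now or datetime.now(timezone.utc).replace(tzinfo=None)  # plistlib dates are naive UTC
    info, profile = read_ipa(new_ipa)
    version, problems = str(info.get("CFBundleShortVersionString", "")), []
    if info.get("CFBundleIdentifier") != current_bundle_id:
        problems.append("bundle ID does not match")
    if not profile or not profile.get("ExpirationDate") or profile["ExpirationDate"] <= now:
        problems.append("provisioning profile missing or expired")
    if not INT_VERSION.fullmatch(version):
        problems.append("version is not integers only")
    elif vtuple(version) <= vtuple(current_version):
        problems.append("version is not higher than the existing version")
    return problems

def build_sample_ipa(bundle_id, version, expires):
    """Constructed sample: a minimal IPA with an unsigned stand-in for the profile envelope."""
    info = plistlib.dumps({"CFBundleIdentifier": bundle_id, "CFBundleShortVersionString": version})
    prof = b"\x30\x80" + plistlib.dumps({"ExpirationDate": expires}) + b"\x00\x00"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Payload/Demo.app/Info.plist", info)
        z.writestr("Payload/Demo.app/embedded.mobileprovision", prof)
    return buf.getvalue()
```

An expiry-date check only catches a lapsed profile; it does not confirm that the profile's signing certificate is still valid or that the binary is signed with it.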

Once the app is uploaded, your OMM-enrolled iOS device end users can update the app through the Mobile App Store in Okta Mobile.

End-User experience for updated apps on iOS

When an end user goes to the Mobile App Store through Okta Mobile, an Update section displays all apps with available updates.

  1. View the Update section.
  2. Tap the Update button of the app.
  3. After the updated app installs, the app icon moves from the Update section to the Installed Applications page.

App Security for iOS

Apps installed through the Mobile App Store are automatically secured through OMM and remain secured as long as the device is enrolled in OMM.

To secure an app installed outside of the Mobile App Store:

  1. Search for your app in the Mobile App Store.
  2. Select Secure.

If you uninstall the app, then re-install it through the Mobile App Store, the app remains secured. The option to secure the app again appears only if you unenroll from OMM, then subsequently re-enroll. For details, see Enabling Mobile Access to Applications.

Installed apps that are not secured by OMM are displayed in a dedicated section of the page.

About Run Time Permissions for Android for Work (AfW)

You can specify whether run-time permissions (access by the app to storage, phone, etc.) are granted by the admin or by the end user.

  • You must specify permissions before deploying the app.
  • If permissions for an app change, the app becomes inactive until an admin specifies new permissions.
  • If an org enabled an Android and/or Samsung SAFE app, and then later enabled AfW, all active Android apps become inactive until the admin approves their permissions.