Set up Okta Mobility Management on an Android device
Okta Mobility Management (OMM) secures your mobile device and configures it to access your work email, calendar, contacts, and applications. If your administrator enabled OMM, you must enroll in the service.
Before you begin
-
If your organization uses Okta FastPass, you can’t use Okta Mobile. To access your applications, go to the Okta Dashboard in the mobile browser, or tap Open dashboard in Okta Verify.
Check if you use Okta FastPass. Open Okta Verify and tap your account. If Okta FastPass has a green checkmark, your organization uses the Okta FastPass sign-in method.
-
On Android 12, fingerprint verification is not supported if Okta Mobile is installed in your work profile (Okta Mobility Management is set up).
- If you set up your work profile using Okta Mobile 4.21.0, apps in your work profile might not be installed automatically. Go to the Play for Work app store and download the apps that you need.
Start this task
- Install the Okta Mobile application on your Android device.
- Tap the Okta Mobile app and sign in.
For Okta preview tenants, enter the entire URL in the Site name field (for example: https://yourcompany.oktapreview.com).
- You may be prompted with multifactor authentication (MFA), such as Okta Verify.
- Set up and confirm a new PIN. Tap Done when complete.
- When prompted to secure your device in order to access work resources, tap Get Started > Secure now to begin setting up your work profile.
During the set-up process you may be prompted for your device's PIN.
-
Perform the appropriate procedure for the type of enrollment you are doing:
Android for Work Enrollment
- Follow the on-screen prompts to set up your work profile:
On the Set up work profile screen, tap Next.
The next window describes the abilities and permissions of your admin. Tap OK to continue setting up your work profile.
Considerations:
- If your device does’t have a passcode, you may be prompted to set one.
- If you have not encrypted your device, you may be prompted to do so. This may take an hour or more, so connect your device to a power source and make sure you have time to complete the process. - After you have set up your work profile, you are redirected to the Okta app and prompted to enter your PIN. Use the Okta Mobile PIN you created.
- If your organization does not use GSuite, skip to step 6. If it does, you are prompted to accept the Privacy Policy and Terms of Service. Tap Accept to continue.
- You are prompted to sign in to your company's account. Enter your organization credentials, then tap Next to continue.
- A Google screen appears describing the details of your new account and how it is administered. Tap Accept to agree to the Google terms of service and continue.
- Your device has been successfully enrolled in OMM, and the enablement process for Play for Work begins. This may take a few minutes. If your device locks during the process, you may have to re-enter your Okta Mobile PIN. You can then access Play for Work by tapping the Menu icon in the top left corner, then tapping Play for Work in the sidebar that appears.
- After Play for Work has been enabled, tap to accept the Terms of Service.
- The Play for Work app store displays, with all the mobile-enabled applications you have been assigned.
- Tap any app to go to its detailed page, then tap Install to install it on your device. Once an app is installed, tap Open to configure the native app for this device.
Samsung SAFE Enrollment
If you are using a Samsung device that does not support Android for Work, follow these steps.
- The Samsung Knox privacy policy appears. Tap Accept to continue.
- An Activate device administrator? dialog describing the permissions of your device administrator appears. Tap Activate to continue. On the Mobile Apps Store page, you find any apps your administrator has assigned to you.
- Tap Install to go to the app's page on the Google Play Store, then Tap Install to install it on your device.
Native Android Enrollment
If you are using a non-Samsung device that does not support Android for Work, follow these steps.
- A dialog appears asking you to enroll in OMM to access your company's resources. Tap Enroll to continue.
- An Activate device administrator? dialog describing the permissions of your device administrator appears. Tap Activate to continue. On the Mobile Apps Store page you find any apps your administrator has assigned to you.
- Tap Install to to go to the app's page on the Google Play Store, then tap Install to install it on your device.
Considerations:
- If any of the apps already exist on the device, they are considered unmanaged and are not subject to Okta's security policies, they will however, show up on the Okta Apps store page. You should to remove any unmanaged versions of managed apps from your device, then reopen the Okta mobile app.
- Your admin may have configured OMM so that documents in managed apps can only be opened by other managed apps installed on that device.
Next steps
When a new app is made available for you, that app automatically appears in the Mobile Apps Store on your device. Install it. Note that you can uninstall a managed app at any time. Okta Mobility Management does not prevent you from doing so.
- Follow the on-screen prompts to set up your work profile: