Set up Okta Mobility Management on an Android device

Okta Mobility Management (OMM) secures your mobile device and configures it to access your work email, calendar, contacts, and applications. If your administrator enabled OMM, you must enroll in the service.

Before you begin

  • If your organization uses Okta FastPass, you can’t use Okta Mobile. To access your applications, go to the Okta Dashboard in the mobile browser, or tap Open dashboard in Okta Verify.

    Check if you use Okta FastPass. Open Okta Verify and tap your account. If Okta FastPass has a green checkmark, your organization uses the Okta FastPass sign-in method.

  • On Android 12, fingerprint verification is not supported if Okta Mobile is installed in your work profile (Okta Mobility Management is set up).

  • If you set up your work profile using Okta Mobile 4.21.0, apps in your work profile might not be installed automatically. Go to the Play for Work app store and download the apps that you need.

Start this task

  1. Install the Okta Mobile application on your Android device.
  2. Tap the Okta Mobile app and sign in.

    For Okta preview tenants, enter the entire URL in the Site name field (for example: https://yourcompany.oktapreview.com).

    Okta sign-in screen
  3. You may be prompted with multifactor authentication (MFA), such as Okta Verify.
    Prompt for Okta Verify authentication
  4. Set up and confirm a new PIN. Tap Done when complete.
    Okta Mobile PIN setting page
  5. When prompted to secure your device in order to access work resources, tap Get Started > Secure now to begin setting up your work profile.

    During the set-up process you may be prompted for your device's PIN.

    OMM Get Started page

  6. Perform the appropriate procedure for the type of enrollment you are doing:

    Android for Work Enrollment

    1. Follow the on-screen prompts to set up your work profile:
      On the Set up work profile screen, tap Next.
      Work profile setup page
      The next window describes the abilities and permissions of your admin. Tap OK to continue setting up your work profile.
      Summary of admin permissions
      Considerations:
      - If your device does’t have a passcode, you may be prompted to set one.
      - If you have not encrypted your device, you may be prompted to do so. This may take an hour or more, so connect your device to a power source and make sure you have time to complete the process.
    2. After you have set up your work profile, you are redirected to the Okta app and prompted to enter your PIN. Use the Okta Mobile PIN you created.
      Okta PIN setting page
    3. If your organization does not use GSuite, skip to step 6. If it does, you are prompted to accept the Privacy Policy and Terms of Service. Tap Accept to continue.
      GSuite privacy policy confirmation
    4. You are prompted to sign in to your company's account. Enter your organization credentials, then tap Next to continue.
      G Suite sign-in page
    5. A Google screen appears describing the details of your new account and how it is administered. Tap Accept to agree to the Google terms of service and continue.
      Google account info
    6. Your device has been successfully enrolled in OMM, and the enablement process for Play for Work begins. This may take a few minutes. If your device locks during the process, you may have to re-enter your Okta Mobile PIN. You can then access Play for Work by tapping the Menu icon in the top left corner, then tapping Play for Work in the sidebar that appears.
      Successful enrollment confirmation page
    7. After Play for Work has been enabled, tap to accept the Terms of Service.
      Google Play terms of service
    8. The Play for Work app store displays, with all the mobile-enabled applications you have been assigned.
      List of apps
    9. Tap any app to go to its detailed page, then tap Install to install it on your device. Once an app is installed, tap Open to configure the native app for this device.
      OMM application example

    Samsung SAFE Enrollment

    If you are using a Samsung device that does not support Android for Work, follow these steps.

    1. The Samsung Knox privacy policy appears. Tap Accept to continue.
    2. An Activate device administrator? dialog describing the permissions of your device administrator appears. Tap Activate to continue. On the Mobile Apps Store page, you find any apps your administrator has assigned to you.
      Native apps store
    3. Tap Install to go to the app's page on the Google Play Store, then Tap Install to install it on your device.
      Apps page on the Google Play store page

    Native Android Enrollment

    If you are using a non-Samsung device that does not support Android for Work, follow these steps.

    1. A dialog appears asking you to enroll in OMM to access your company's resources. Tap Enroll to continue.
    2. An Activate device administrator? dialog describing the permissions of your device administrator appears. Tap Activate to continue. On the Mobile Apps Store page you find any apps your administrator has assigned to you.
      Screen cap of mobile apps store
    3. Tap Install to to go to the app's page on the Google Play Store, then tap Install to install it on your device.
      Example of application in the Google Play Store

    Considerations:

    • If any of the apps already exist on the device, they are considered unmanaged and are not subject to Okta's security policies, they will however, show up on the Okta Apps store page. You should to remove any unmanaged versions of managed apps from your device, then reopen the Okta mobile app.
    • Your admin may have configured OMM so that documents in managed apps can only be opened by other managed apps installed on that device.

    Next steps

    When a new app is made available for you, that app automatically appears in the Mobile Apps Store on your device. Install it. Note that you can uninstall a managed app at any time. Okta Mobility Management does not prevent you from doing so.