Set up Okta Mobility Management on an Android device

Okta Mobility Management (OMM) ensures that your mobile device is secure. It configures it to access your work email, calendar, contacts, and applications. If your administrator enabled OMM, you have to enroll in the service.

Before you begin

  • If your organization uses Okta FastPass, you can’t use Okta Mobile. To access your applications, go to the Okta Dashboard in the mobile browser, or tap Open dashboard in Okta Verify.

    Check if you use Okta FastPass. Open Okta Verify and tap your account. If Okta FastPass has a green checkmark, your organization uses the Okta FastPass sign-in method.

  • On Android 12, fingerprint verification isn’t supported if Okta Mobile is installed in your work profile (Okta Mobility Management is set up).

  • If you set up your work profile using Okta Mobile 4.21.0, your might not be installed in your work profile automatically. Go to the Play for Work app store and download the apps that you need.

Start this task

  1. Install the Okta Mobile application on your Android device.
  2. Tap the Okta Mobile app and sign in.

    For Okta preview tenants, enter the entire URL in the Site name field (for example: https://yourcompany.oktapreview.com).

    Okta sign-in screen.

    If prompted, use multifactor authentication (MFA) to sign in. For example, authenticate with Okta Verify.

    Prompt for Okta Verify authentication.

  3. Set up and confirm a new PIN. Tap Done.

    Okta Mobile PIN setting page.

  4. Tap Get Started > Secure now. During the work profile setup, enter the device PIN if prompted.

    OMM Get Started page.

  5. Complete the work profile enrollment:

    Android for Work Enrollment

    1. Follow the prompts to set up your work profile. On the Set up work profile page, tap Next.

      Work profile setup page.

      The next window describes the abilities and permissions of your admin.

    2. Tap OK to continue work profile setup.

      Summary of admin permissions.

      • If your device doesn’t have a passcode, you might have to set one.

      • If you didn't encrypt your device, you might have to do so. It can take an hour or more to encrypt your device. Connect your device to a power source and ensure that you have time to complete the process.

    3. After you set up your work profile, you’re redirected to the Okta app to enter your PIN. Use the Okta Mobile PIN that you created.

      Okta PIN setting page.

    4. If your organization doesn’t use GSuite, skip to step 6. Otherwise accept the Privacy Policy and Terms of Service.

      GSuite privacy policy confirmation.

    5. Sign in to your company's account. Enter your credentials to access your organization and tap Next.

      G Suite sign-in page.

      The Google account page provides details about your new account and its administration

      Google account info.

    6. Tap Accept to agree to the Google Terms of Service.

      The OMM device enrollment is successful. Play for Work enablement starts. It can take a few minutes. If your device locks during the process, you have to re-enter your Okta Mobile PIN.

      To access Play for Work, tap the Menu icon in the top-left corner. Then, tap Play for Work in the sidebar.

      Successful enrollment confirmation page.

    7. Tap to accept the Terms of Service.

      Google Play terms of service.

    8. To access Play for Work, tap the Menu icon in the top-left corner.
    9. Tap Play for Work in the sidebar. In the Play for Work app store, you find all your mobile-enabled applications.

      List of apps.

    10. Tap any app to go to its detailed page.
    11. Tap Install.

      OMM application example.

    12. After the app is installed on the device, tap Open to configure the native app for the device.

    Samsung SAFE Enrollment

    If you’re using a Samsung device that doesn’t support Android for Work, follow these steps.

    1. The Samsung Knox Privacy Policy appears. Tap Accept to continue.
    2. An Activate device administrator? dialog describing the permissions of your device administrator appears. Tap Activate to continue. On the Mobile Apps Store page, you find apps that are assigned to you by your administrator.

    3. Tap Install to go to the app's page on the Google Play Store, then Tap Install to install it on your device.

      Apps page on the Google Play store page.

    Native Android Enrollment

    If you’re using a non-Samsung device that doesn’t support Android for Work, follow these steps.

    1. Enroll in OMM to access your company's resources. Tap Enroll to continue. The Activate device administrator? page describes the permissions of your device admin.
    2. Tap Activate. On the Mobile Apps Store page you find apps assigned to you.

      Screen cap of mobile apps store.

    3. Tap Install to go to the app's page on the Google Play Store, then tap Install to install it on your device.

      Example of application in the Google Play Store.

    Considerations:

    • If any of the apps exist on the device, they’re considered unmanaged and aren’t subject to Okta's security policies, they’ll however, show up on the Okta Apps store page. Remove any unmanaged versions of managed apps from your device, then reopen the Okta mobile app.
    • Your admin might have configured OMM so that documents in managed apps can only be opened by other managed apps installed on that device.

    Next steps

    When a new app is made available for you, that app automatically appears in the Mobile Apps Store on your device. Install it. You can uninstall a managed app at any time. Okta Mobility Management doesn’t prevent you from doing so.