Configure Device Management for mobile devices
When an authentication policy requires devices to be managed, Okta determines the management status of the targeted Android and iOS devices. Okta checks whether there's a key installed on the device. This key must match a key you generated on the Admin Console and entered in your MDM software's managed app configuration.
Start this procedure
- In the Admin Console, go to .
- Click the Endpoint management tab.
- Click Add platform.
If you add more than one configuration for the same type of platform, see Devices known issues and workarounds.
- Select Android or iOS as applicable.
- Click Next.
- Configure the management attestation:
- To use a new secret key, keep the default setting. If you already have a secret key that you want to use, select Use existing key.
If you use a new key, Okta generates it for you.
If you use an existing key, enter it in the Secret key field. Ensure that the key was previously generated by Okta or meets these requirements:
It has 8-256 alphanumeric characters.
It's a mix of uppercase and lowercase letters and symbols.
- Copy the provided secret key to your clipboard by clicking the copy icon
next to the field. You enter the secret key later in your MDM software's app configuration as described in Integrate Okta with your MDM software.
Make a note of the provided secret key value as this is the only time it appears in Okta. If you generate a new secret key by clicking Reset secret key, make sure to also update your MDM software configuration with the new key.
The Device management provider field is pre-populated with the name of your MDM software but you can change it. The contents of this field are displayed to end users later when they enroll their device.
- In the Enrollment link field, enter a web address for redirecting end users with unenrolled devices. For example, redirect users to enrollment instructions or the page of your MDM software (assuming the MDM software supports web-based enrollment).
- Click Save.