Configure Device Management for mobile devices

When evaluating an authentication policy that requires devices to be managed, Okta determines the management status of your targeted Android and iOS devices by verifying whether there's a key installed on the device which matches a key you generated through the Okta Admin Console and entered in your MDM software's managed app configuration.

Start this procedure

  1. In the Admin Console, go to SecurityDevice integrations.
  2. Click the Endpoint management tab.
  3. Click Add platform.

    If you add more than one configuration for the same type of platform, see Devices known issues.

  4. Select Android or iOS as applicable.
  5. Click Next.
  6. In Configure management attestation:
    1. Copy the provided Secret key to your clipboard by clicking the copy icon adjacent to the field. You'll enter the Secret key later in your MDM software's app configuration as described in Integrate Okta with your MDM software.

      Make a note of the provided Secret key value as this is the only time it will appear in Okta. If you generate a new Secret key by clicking Reset secret key, make sure to also update your MDM software configuration with the new key.

      The Device management provider field is pre-populated with the name of your MDM software but you can change it. The contents of this field are displayed to end users later when they enroll their device.

    2. In the Enrollment link field, enter a web address for redirecting end users with unenrolled devices. For example, you may want to redirect these users to a page with enrollment instructions or the enrollment page of your selected MDM software (assuming the MDM software supports web-based enrollment).
    3. Click Save.

Next steps