This article provides a brief overview of Okta's integration with Android for Work (AfW), and a description of the key features of this integration.
Okta and Google partnered to integrate Android for Work into Okta Mobility Management (OMM). The integration combines Android for Work's advanced security features with Okta’s provisioning and enterprise mobility management capabilities.
Together, OMM and AFW enable customers to:
- Create separate personal and enterprise work spaces
- Provision email access to Android for Work compatible devices
- Keep Active Directory passwords in sync with Microsoft Exchange ActiveSync (EAS) profiles
- Provision private mobile apps, as well as apps from the Google Play for Work app store
OMM and Android for Work’s unique integration takes advantage of Okta’s advanced provisioning capabilities to automatically create Google accounts for Android for Work users at enrollment (if necessary), simplifying the end user experience.
For more information see Google Android for Work
OS-based Separation of Personal and Corporate Apps Through Work Profiles
- Administrators control work profiles, which are kept separate from personal accounts, apps, and data. By default, work profile notifications and app icons have a red briefcase so they’re easy to distinguish from personal apps. Work profiles allow an IT department to securely manage a work environment without restricting users from using their device for personal apps and data.
- AfW requires and prompts for device encryption upon enrollment.
- For non-Google Apps organizations, AfW remotely configures ActiveSync mail through the Divide Productivity app.
- For Google Apps organizations, AfW allow for seamless access to Gmail and other native mobile Google apps.
Automatic App Provision/Deprovision
- Silently install and uninstall apps to the containerized workspace.
- On a selective wipe of the device, applications within Work Profile are automatically removed.
Google Play for Work
- Native apps are deployed through Google Play for Work.
Private App Store
Support for private apps allows organizations that build in-house applications to distribute their apps to Android for Work devices.
This makes it easy for developers to update and stage in-house apps directly to Google Play for Work. The developer no longer needs to hand the source file to the Okta admin or have access to the Okta console.
For more details see Private App Store.
Managed App Config
- Android for Work provides the ability to set policies on a per-application basis, where supported by the app. For example, an app could allow an IT administrator to remotely control the availability of features, configure settings, or set in-app credentials, to improve the end user experience.
Coming soon: support for setting up AfW in multiple domains
- The Divide app may prompt users for a password an additional time even if users entered it during enrollment.
- Commands (deprovision, remote lock, reset password, etc.) do not work for Samsung Galaxy devices.