Devices
Published: Jun 1, 2018   -   Updated: Jun 22, 2018

 

 


The Devices page displays all the devices in your org that have been enrolled in Okta Mobility Management. It provides a wide overview of the device population as well as device-specific data. It also includes a reporting option with .csv file output.

Note: The Devices menu is available to orgs that implement Okta Mobility Management (OMM).


View device data

You can view and search the status of the devices in your org, and deprovision or wipe (factory reset) them. You can also monitor all devices to determine if they are encrypted, have been jailbroken or rooted, or have been upgraded to the latest operating system version. You can deprovision OMM functions or wipe enrolled devices by clicking the icon in the Actions column.

Click a device to view its attributes and perform specific functions such as resetting (Android) or clearing (iOS) the device's passcode, remotely locking the device, and deprovisioning or wiping the device.

There are two ways to access a device's Device Attributes page:

  • Directory > People > user > Mobile, then click a device.
  • Devices > Overview, then click the device in the Device Name & User column.

Wipe some or all data from a device

There are two data wipe options:

About Wipe Company Data

This option removes all managed apps and configurations and unenrolls the device from OMM. Devices wiped of company data are listed as Deprovisioned in the Status column of the upper dashboard and in the downloadable CSV report. When an end user is deactivated from Okta, their OMM-enrolled devices are automatically deprovisioned, and all company-managed apps and data are removed from the device in OMM. If the user is reactivated later, they must re-enroll their device. Wiping company data does not require end-user confirmation. After you wipe a device of company data, end users see the effects of the wipe the next time they sign in.

About Wipe All Device Data

This option removes all apps and data from the device and restores its factory settings. Like the Wipe Company Data option, this option also unenrolls the device from OMM. Devices wiped of all data are listed as Deprovisioned under the Status column. The device appears in the device report as Deprovisioned. If the user is reactivated later, they must re-enroll their device. Also note the following:

  • The Wipe All Device Data option is not available for devices enrolled in OMM through Android for Work.
  • You can disable the Wipe All Device Data option for iOS devices through mobile policy rules (Devices > Mobile Policies). For details, see Disable Device Wipe permission.

There are two ways to access data wipe options:

Wipe data from the Devices menu

  1. Go to Devices > Overview.
  2. Search for the device.
  3. Wipe some or all data from the Devices menu:
    • Wipe Company Data: In the Actions column, click the Wipe Company Data icon next to the device, then click Wipe Company Data in the window to selectively wipe only Okta-managed native apps. Personal apps, content, and settings are retained. (You can also do this from the Device Attributes page using the Device Actions drop-down menu.)
      Best practice: To unenroll an end user from OMM, first wipe all company data from the device through the Devices page. End users should not remove/unenroll OMM from their devices themselves because the Okta servers may never detect the removal (for example, if there is a poor network connection, or if the device is offline). This creates a scenario in which a deprovisioned device is still listed as enrolled on the Devices page. This scenario can occur regardless of a device's rooted or jailbroken status.
    • Wipe All Device Data: In the Device Name & Users column, click the device name to access the Device Attributes page, click the Device Actions drop-down menu, and then click the Wipe Device Data icon to fully wipe all apps and data from the device and restore its factory settings.

Wipe company data through an end user's People page

  1. Go to Directory > People.
  2. Click the end user whose device you want to wipe of company data.
  3. Click the Devices tab.
  4. Search for the device.
  5. In the Actions column, click the Wipe Company Data icon next to the device, then click Wipe Company Data in the window to selectively wipe only Okta-managed native apps. Personal apps, content, and settings are retained. (You can also do this from the Device Attributes page using the Device Actions drop-down menu.)

Best practice: To unenroll an end user from OMM, first wipe all company data from the device through the Devices page. End users should not remove/unenroll OMM from their devices themselves because the Okta servers may never detect the removal (for example, if there is a poor network connection, or if the device is offline). This creates a scenario in which a deprovisioned device is still listed as enrolled on the Devices page. This scenario can occur regardless of a device's rooted or jailbroken status.

Note: When an end user is deleted from Okta, their devices no longer appear in the device report. For details about generating reports, see Reporting below.


Detect Jailbroken/Rooted devices

Okta provides Jailbreak (iOS) and Root (Android) detection for OMM devices.

  • Jailbreak Detection: If an iOS device has been jailbroken, it means your end user has installed unsupported software on their device to either run custom software without Apple's permission, or to pirate copies of software or in-app purchases.
  • Root Detection: If an Android device has been rooted, while it doesn't mean the end user has necessarily done anything inappropriate with their device, it does mean they have access to alter the firmware and/or OS that Google and the manufacturer/carrier shipped with the device.

You can determine from the Devices page whether a device has been jailbroken or rooted. Affected devices are indicated by an icon and label.

This kind of manipulation leaves devices more vulnerable to malware. You may want to deprovision an affected device and/or assess the associated risks.


Clear or reset device passcodes

When passcodes are lost or need to be reset for any reason:

  • For Android devices, the admin resets the passcode.
  • For iOS devices, the admin clears the passcode and the end user must set up a new one themselves within one hour.

Notes:

  • This option has a minimum requirement of Okta Mobile 1.2.8 for Android or Okta Mobile 4.2 for iOS.
  • iOS devices that have been rebooted or reset may not receive the Clear Passcode command if they do not have mobile data connections (3G, 4G, or LTE), as they do not automatically join WiFi connections until a passcode is entered. For more information, see this article.

  1. Go to Devices > Overview.
  2. Click the device whose passcode you want to clear or reset.
  3. On the Device Attributes page, click Device Actions on the upper-right side of the page.
  4. Click Clear Passcode (for iOS) or Reset Passcode (for Android).

iOS

For iOS devices, click Clear Passcode to confirm. From that point on, the end user has one hour to set a new passcode.

Android

For Android devices, enter the new passcode you want to assign to this device, then click Reset Passcode.

Important: If you are resetting the passcode of a Samsung SAFE or Native Android device, make sure that the passcode you enter complies with the General Android Device Passcode Requirements configured in the Platform Rule (Devices > Mobile Policies). Be aware that, even though you are not prevented from entering a non-compliant passcode in the New Passcode field and a success message may display after you click Reset Passcode, the non-compliant passcode will not work and the end user will not be able to access apps.

The following table details support for the Clear and Reset passcode options by Android device type and operating system version.

Support for Clear and Reset Passcode options, Android devices

| Device and passcode type | Android OS earlier than 7.0 | Android OS 7.0+ |
| --- | --- | --- |
| Device Passcode: Android for Work | Not supported | Not supported |
| Profile Passcode: Android for Work | n/a | Not supported |
| Device Passcode: Non-Android for Work (SAFE and Native) | Both options are supported by Okta | Clear Passcode option – Not supported; option is not available in the menu. Reset Passcode option – Supported, but see the Important note above. |


Lock devices remotely

You can remotely lock a device. This option is useful when devices appear to be in an uncertain state but wiping (factory reset) is not warranted.

  1. Go to Devices > Overview.
  2. Click the device you want to lock.
  3. On the Device Attributes page, click Device Actions on the upper-right side of the page.
  4. Click Remote Lock.
  5. (Optional) Send a message and contact number to the device. For example, "Please return this phone to Vivek B" and a contact number.
  6. Click Remote Lock.

Generate a device report

To see granular data about each device, you can generate a report by clicking Download CSV. The resulting .csv file provides comprehensive per-device information, including device status, serial number, platform, device capacity (MB), and available device capacity (to name a few).

Android note: To provide users with greater data protection, starting in the 6.0.x release, Android removes programmatic access to the device's local hardware identifier for apps using the Wi-Fi and Bluetooth APIs. For details, see this Android documentation.
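
The following is an added example, not Okta's code, that triages a downloaded device report for the conditions this page says to monitor: jailbroken or rooted devices, unencrypted devices, and devices still listed as enrolled after their owner was deactivated. The page does not list the CSV header, so the column names, the sample rows, and the list of deactivated users are constructed assumptions; match them to your own export.

```python
import csv
import io

# Constructed sample export. Column names are assumptions; match them to the
# header row of your own downloaded report before use.
SAMPLE_REPORT = """\
Device Name,User,Platform,Status,Jailbroken/Rooted,Encrypted
Pixel-01,alice@example.com,Android,Enrolled,Yes,Yes
iPhone-02,bob@example.com,iOS,Enrolled,No,No
iPad-03,carol@example.com,iOS,Deprovisioned,Yes,No
Galaxy-04,dave@example.com,Android,Enrolled,No,Yes
iPhone-05,erin@example.com,iOS,Enrolled,No,Yes
"""


def _is_yes(value):
    # Treat a missing or empty cell as "no" so gaps fail toward review.
    return (value or "").strip().lower() in {"yes", "true", "1"}


def triage(report_text, deactivated_users=()):
    """Return [(device, user, [reasons])] for enrolled devices needing review."""
    deactivated = {u.strip().lower() for u in deactivated_users}
    findings = []
    for row in csv.DictReader(io.StringIO(report_text)):
        # Deprovisioned devices were already wiped of company data and unenrolled.
        if (row.get("Status") or "").strip().lower() == "deprovisioned":
            continue
        reasons = []
        if _is_yes(row.get("Jailbroken/Rooted")):
            reasons.append("jailbroken/rooted")
        if not _is_yes(row.get("Encrypted")):
            reasons.append("not encrypted")
        # Deactivating a user should deprovision their devices automatically,
        # so an enrolled device owned by a deactivated user is stale state.
        if (row.get("User") or "").strip().lower() in deactivated:
            reasons.append("owner deactivated but device still enrolled")
        if reasons:
            findings.append((row["Device Name"], row["User"], reasons))
    return findings


if __name__ == "__main__":
    for device, user, reasons in triage(SAMPLE_REPORT, ["erin@example.com"]):
        print(f"{device} ({user}): {', '.join(reasons)}")
```
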
