OMM – MacOS Management Skip to main content
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
OMM – MacOS Management
Published: Jul 20, 2016   -   Updated: Jun 22, 2018

Okta Mobility Management (OMM) now supports the MacOS (OS X) platform. OMM for MacOS enables customers to apply lightweight management and security controls on MacOS devices with easy self-enrollment for end users.

Admin Side Setup

  1. From the Okta admin Dashboard, navigate to Devices > Mobile Policies.

  2. You will need to setup an Apple Push Notification Certificate. The same certificates can be used for both iOS and MacOS platforms. See Configuring Okta Mobility Management for details.

  3. Select or create a mobile policy and then select Add Platform Rule to add an OS X rule. See Configuring Mobile Policies - EA for details.

  4. Once you have set up your policy to allow OS X devices to enroll, end users will be able to enroll their OS X macs (see below) and you will be able to see enrolled devices on the devices page.
  5. Review Known Issues before allowing end users to enroll.

Client Side Setup

Once you have completed the admin side setup, end users can enroll their Mac devices. To do so,

  1. Click the Secure my Mac button at the bottom of your dashboard, you'll be directed to the following landing page:

    User-added image

  2. If enabled by your Admin, you will see a User Agreement. Click Agree and download configuration file.

  3. A mobile configuration file is downloaded and you are prompted to locate and open it.

    User-added image

  4. Follow the prompts to go through the enrollment process.

    User-added image

  5. Once the profile is installed, you will see the following status:

    User-added image

    User-added image

Once enrolled, you will see the following Mac Enrolled message at the bottom of your dashboard:

User-added image

Known Issues

  • Once your Mac OS passcode policy is enabled, your end users are required to create/change a passcode for their device(s) in compliance with the policy. Mac OS does not allow for a push message to notify end users to create this passcode, but enforces it once their current password expires. We have reported this issue to Apple.

  • On OS X 10.11.4, if a passcode was not created before OMM enrollment, your users will be locked out if they sign-out of the device. If this occurs, an admin must sign-in to the device administrator account to reset the password for the user.   

    Inform your end users that a passcode must be created before clicking the Secure my Mac button on their Okta Dashboard. This requirement ensures that their passcode is in place before enrolling their device(s). If an admin account has already been established for this device, you can impose a passcode reset.