Okta Mobility Management End-User Setup Skip to main content
https://support.okta.com/help/oktaarticledetailpage?childcateg=&id=ka02a0000005uipsaq&source=documentation&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fdocumentation%2fknowledge_article%2fokta-mobility-management-end-user-setup-947999694
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Average Rating:
Okta Mobility Management End-User Setup
Published: Jan 31, 2018   -   Updated: May 15, 2018

okta-doc-source

Okta Mobility Management End-User Setup

Overview

The Okta Mobility Management (OMM) program secures your mobile device and configures it to access your work email, calendar, contacts, and applications. During enrollment you are prompted to set a PIN or password on your mobile device. The Okta policy allows for a 4-digit pin.

OMM_End_User_1

Your privacy is very important to Okta. Corporate data is protected while your personal data remains separate and not accessible to your organization. We only manage information that is required to secure and protect corporate data.

The following list shows what we can and cannot manage:

What OMM Can SeeWhat OMM Cannot See
Device NamePersonal Mail, Calendars, and Contacts
*Phone NumberSMS or Text Messages
Serial NumberBrowser History
Model Name and NumberFaceTime or Phone Call Logs
Capacity and Space AvailablePersonal Reminders and Notes
OS Version NumberFrequency of All Use
**Names of Installed AppsDevice Location

*As derived from company directories, not from the phone.

**For personal apps, OMM can only see the names, but none of the content of the apps.

Okta Mobility Management can deprovision only your work accounts and work applications, and only in accord with a special request with IT. If your device is stolen, you can factory-reset it to erase all of its contents. Note that your IT department can also factory-reset your device.

The following procedures assume that you are currently an Okta user and assigned to a group that includes a mobile policy.


Setting up Okta Mobility Management on your iOS devices
  1. Install the Okta Mobile application on your iOS device.
  2. Tap the Okta Mobile app, then sign in to Okta Mobile:

    Note: For Oktapreview tenants, enter the entire URL in the Site name field (for example: https://yourcompany.oktapreview.com).


    SignINPage_new_218x384
  3. If your organization has set up two-factor authentication, you are prompted to verify your account using Okta Verify or by sending a code to your phone.

    OMM Screenshot 1 iOS_218x384
  4. Set up and confirm a new Okta Mobile PIN:

    MobilePin_218x384

    Okta recognizes that the device and Org are both configured and eligible for Okta Mobility Management (OMM) and automatically prompts you for enrollment.

  5. You are prompted to secure your device in order to access work resources. Tap Get Started to begin your enrollment.

    OMM Screenshot 2 iOS_218x384
  6. During the installation process, follow the onscreens prompts:

    Note: You may be prompted to enter your device's pin.

    • Install the Okta OTA Device Attribute Request.

      OMM Screenshot 3 iOS_218x384
    • The Install Profile screen. Tap Install to continue.

      OMM Screenshot 4 iOS_218x384
    • A Warning screen. Tap Install to continue.

      OMM Screenshot 5 iOS_218x384
    • A Remote Management popup dialog asks if you trust this profile's source. Tap Trust:

      OMM Screenshot 6  iOS_218x384
  7. Once the installation is complete, you may be redirected to Safari. If this happens, tap Open to open Okta Mobile.

    OMM Screenshot 7 iOS_218x384
  8. The device is now enrolled in OMM and the Okta App Store is displayed.

    If you have been assigned any mobile-enabled applications, you will immediately see those apps listed in the Okta Mobile App Store. You still need to install each application.


    OMM Screenshot 9 iOS_218x384
  9. Install any app on your device by tapping INSTALL. Once an app is installed, the INSTALL button becomes an OPEN button. Tap OPEN to configure the native app for this device.

Note: If any of the apps already exist on the device, they are considered unmanaged and are not subject to Okta's security policies, but they will appear on the Okta Apps store page. You should remove any unmanaged versions of managed apps from your device, then reopen the Okta mobile app.

Note: Your admin may have configured OMM so that documents in managed apps can only be opened by other managed apps installed on that device. See iOS Data Separation for details.

Setting up Okta Mobility Management on your Android devices
  1. Install the Okta Mobile application on your Android device.
  2. Tap the Okta Mobile app, then sign in to Okta Mobile:

    Note: For Oktapreview tenants, enter the entire URL in the Site name field (for example: https://yourcompany.oktapreview.com).


    OMM Screenshot Android 1_218x384
  3. You may be prompted with MFA.

    OMM Screenshot Verify_218x384
  4. Set up and confirm a new PIN. Tap Done when complete.

    OMM Screenshot Android 2_218x384
  5. When prompted to secure your device in order to access work resources, tap Get Started > Secure now to begin setting up your work profile.

    Note: During the set up process you may be prompted for your device's pin.


    OMM Screenshot Android 3_217x384
  6. Perform the appropriate procedure for the type of enrollment you are doing:

    Android for Work Enrollment
    1. Follow the onscreen prompts to set up your work profile:
      • A Set up work profile screen. Tap Next.

        OMM Screenshot Android 5_218x384
      • A dialog describing the abilities and permissions of your admin. Tap OK to continue setting up your work profile.

        OMM Screenshot Android 6_218x384

        Note: If your device does not have a passcode, you may be prompted to set one.

        Note: If you have not encrypted your device, you may be prompted to do so. This may take an hour or more, so connect your device to a power source and make sure you have time to complete the process.

    2. After you have set up your work profile, you are redirected to the Okta app and prompted to enter your PIN. Use the Okta Mobile PIN you created.

      OMM Screenshot Android 7_218x384
    3. If your organization does not use GSuite, skip to step 6. If it does, you are prompted to accept the Privacy Policy and Terms of Service. Tap Accept to continue.

      OMM Screenshot Android 8_218x384
    4. You are prompted to sign in to your org account. Enter your organization credentials, then tap Next to continue.

      OMM Screenshot Android 9_218x384
    5. A Google screen appears describing the details of your new account and how it is administered. Tap Accept to agree to the Google terms of service and continue.

      OMM Screenshot Android 10_218x384
    6. Your device has been successfully enrolled in OMM, and the enablement process for Play for Work begins. This may take a few minutes. If your device locks during the process, you may have to re-enter your Okta Mobile PIN. You can then access Play for Work by tapping the Menu icon in the top left corner, then tapping Play for Work in the sidebar that appears.

      OMM Screenshot Android 11_218x384
    7. After Play for Work has been enabled, tap to accept the Terms of Service.>

      OMM Screenshot Android 12_218x384
    8. The Play for Work app store displays, with all the mobile-enabled applications you have been assigned.

      OMM Screenshot Android 13_218x384
    9. Tap any app to go to its detailed page, then tap Install to install it on your device. Once an app is installed, the Install button becomes an Open button. Tap Open to configure the native app for this device.

      OMM Screenshot Android 14_218x384
    Samsung SAFE Enrollment

    If you are using a Samsung device that does not support Android for Work, follow these steps.

    1. The Samsung Knox privacy policy appears. Tap Accept to continue.
    2. An Activate device administrator? dialog describing the permissions of your device administrator appears. Tap Activate to continue.
    3. You are taken to the Mobile Apps Store, where you will see any apps your administrator has assigned to you.

      NativeAppStore_218x384
    4. Tap Install to be taken to the app's page on the Google Play Store, then Tap Install to install it on your device. Once an app is installed, the Install button turns into an Open button.

      PlayStoreOutlook_218x384
    Native Android Enrollment

    If you are using a non-Samsung device that does not support Android for Work, follow these steps.

    1. A dialog appears asking you to enroll in OMM for access to company resources. Tap Enroll to continue.
    2. An Activate device administrator? dialog describing the permissions of your device administrator appears. Tap Activate to continue.
    3. You are taken to the Mobile Apps Store, where you will see any apps your administrator has assigned to you.

      NativeAppStore_218x384
    4. Tap Install to be taken to the app's page on the Google Play Store, then tap Install to install it on your device. Once an app is installed, the Install button turns into an Open button.

      PlayStoreOutlook_218x384

Note: If any of the apps already exist on the device, they are considered unmanaged and are not subject to Okta's security policies, they will however, show up on the Okta Apps store page. You should to remove any unmanaged versions of managed apps from your device, then reopen the Okta mobile app.

Note: Your admin may have configured OMM so that documents in managed apps can only be opened by other managed apps installed on that device. See Android Data Separation for details.


Adding New Apps to your Device

When a new app is made available for you, that app automatically appears in the Mobile Apps Store on your device. Click INSTALL to install.

Note that you can uninstall a managed app at any time. Okta Mobility Management does not prevent them from doing so.

Post a Comment