Upload Private apps to an app store Skip to main content
https://support.okta.com/help/oktaarticledetailpage?childcateg=&id=ka02a0000005uhqsaa&source=documentation&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fdocumentation%2fknowledge_article%2fupload-private-apps-to-an-app-store-253588018
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Average Rating:
Upload Private apps to an app store
Published: Jan 31, 2018   -   Updated: May 15, 2018

okta-doc-source

Upload Private apps to an app store

A private app is a native app (an internally developed enterprise app) that you create and distribute to your OMM-enrolled end users. End users obtain private apps from an app store accessible from their mobile device. (Mobile App store for iOS device end users; Play for Work for Android device end users.) If your app supports managed app configuration, see Managed Application Configurations to set up pre-configured key-value pairs that you can send to all managed apps installed by Okta Mobility Management (OMM).

Notes:

  • Private apps do not appear on end users' desktop Okta Home page.
  • Be aware of these differences between the distribution of Android and iOS apps:
    • Android apps – You can upload public and private apps to the Google Play Store and then link to them from within Okta for distribution to your end users.
    • iOS apps – You can upload only private, enterprise-signed apps to Okta for distribution to your end users.
Upload a private native app
Android

Before You Begin

Procedure

  1. From the admin Dashboard, go to Applications > Applications > Add Application, and then click Create New App.

  2. From Platform, select Native app.

  3. Select a Sign on method and then click Create.

    None

    Select None if you do not want to require credentials or any other sign on method to access the app.

    To configure: Under General Settings, enter a Name for the app, and then click Finish.

    SAML 2.0

    A SAML integration provides Federated Authentication standards that allow end users one-click access to the app.

    To configure:

    1. Under General Settings, enter a Name for the app, then click Next
    2. Configure your SAML authentication settings, then click Finish.
    OpenID Connect

    OpenID Connect is an identity layer on top of the OAuth 2.0 protocol. It verifies end-user identity and obtains profile information.

    To configure:

    1. Under General Settings, enter an ApplicationName for the app, then click Next.
    2. Under Configure OpenID Connect, add a Redirect UI, then click Finish.
  4. Click the Mobile tab.
  5. From the Add Native App drop-down menu, select Android App.

    PrivateApp2_500x258

  6. Private apps cannot exceed 4GB.

  7. In the Upload Mobile App screen, enter the App Package ID, then click Configure App.

    PrivateApp4

  8. Configure any other settings including Permissions (for details, see About Run Time Permissions below), then click Save.

    PrivateApp5_500x494

Your app now appears within the Native Application list under the Mobile tab. Once deployed, it's available to your end users.

  • AfW enrollments – For OMM-enrolled users with an AfW enrollment, the app appears in a store for managed apps. Screenshot

    AFW_PrivateApps

  • SAFE or Native enrollments – Private apps are not supported on Android SAFE or Native enrollment types.
iOS
  1. From the admin Dashboard, go to Applications > Applications > Add Application, then click Create New App.

  2. From Platform, select Native app.

  3. Select a Sign on method and then click Create.

    None

    Select None if you do not want to require credentials or any other sign on method to access the app.

    To configure: Under General Settings, enter a Name for the app, and then click Finish.

    SAML 2.0

    A SAML integration provides Federated Authentication standards that allow end users one-click access to the app.

    To configure:

    1. Under General Settings, enter a Name for the app, then click Next
    2. Configure your SAML authentication settings, then click Finish.
    OpenID Connect

    OpenID Connect is an identity layer on top of the OAuth 2.0 protocol. It verifies end-user identity and obtains profile information.

    To configure:

    1. Under General Settings, enter an ApplicationName for the app, then click Next.
    2. Under Configure OpenID Connect, add a Redirect UI, then click Finish.
  4. Click the Mobile tab.
  5. From the Add Native App drop-down menu, select iOS App.

    PrivateApp2_500x258

  6. Private apps cannot exceed 4GB.

  7. In the Upload Mobile App screen, browse to the App binary file.
  8. Click Save.

    PrivateApp3_500x476

  9. Configure any other settings including Permissions (for details, see About Run Time Permissions below), then click Save.

    PrivateApp5_500x494

Your app now appears within the Native Application list under the Mobile tab.

Once deployed, the app is available to OMM-enrolled iOS end users. Screenshot

iOS_PrivateApps

Other settings available for mobile apps are described in Enabling Access for Mobile Applications.

Update a private app for iOS
  1. Click Applications.
  2. Navigate to your private app.
  3. Click the Mobile tab.
  4. Click Edit
  5. From the Where is the app located drop-down menu, choose Update app to new version.
  6. Click Browse to find your .ipa file. Keep the following in mind before uploading the new version:

Your app must:

  • Have a matching bundle ID.
  • Have a valid provisioning profile.
  • Have a higher version number than the existing version of the app.
  • Use version numbers with integers only. (Example: Ver 2.1.1). Use of any alphanumeric characters results in an error.

Once the app is uploaded, your OMM-enrolled iOS device end users can update the app through the Mobile App Store in Okta Mobile.

End-User experience for updated apps on iOS

When an end user goes to the Mobile App Store through Okta Mobile, an Update section displays all apps with available updates.

  1. View the Update section.
  2. Tap the Update button of the app.
  3. After the updated app installs, the app icon moves from the Update section to the Installed Applications page. Screenshot

UpdateApps_212x374

App Security for iOS

Apps installed through the Mobile App Store are automatically secured through OMM and remain secured as long as the device is enrolled in OMM.

To secure an app installed outside of the Mobile App Store:

  1. Search for your app in the Mobile App Store.
  2. Select Secure.

If you uninstall the app, then re-install it through the Mobile Store, the app remains secured. The option to secure the app again appears only if you unenroll from OMM, then subsequently re-enroll. For details, see Enabling Mobile Access to Applications.

Installed apps that are not secured by OMM are displayed in a dedicated section of the page.

InstalledApps_OMM_250x311

About Run Time Permissions for Android for Work (AfW)

You can specify whether permissions are granted by the admin or the end user (access by the app to storage, phone, etc) are granted: by admin or end user.

  • You must specify permissions must before deploying the app.
  • If permissions for an app change, the app becomes inactive until an admin specifies new permissions.
  • If an org enabled an Android and/or Samsung SAFE app, and then later enabled AfW, all active Android apps become inactive until the admin approves their permissions.

Post a Comment