Limit access to SAML application to OMM enrolled devices only.
I'm trying to create a sign-on policy for a SAML app that will only allow access from devices that have been enrolled into OMM. Currently a user can hit "dismiss" at the enrollment prompt and still access the app with the Okta Mobile app. Is there a way to block until a user successfully enrolls?
They gave a demo of this at Oktane17 with the Salesforce app where a user is forced to enroll the device to access the app. I believe they mentioned this works even if you have a third-party MDM. Not sure if this was in beta or EA, but you may want to reach out to Okta.
Hmm... so it doesn't sound like it's a feature that's built into Okta MDM (since third party MDM can be used)? Were they talking about pushing out a client-side cert with MDM and then having Adaptive Multi Factor feature that's supposed to check for the presence of that client cert?
I believe the feature is called "Device Trust". Do a Google search on this and Okta and you will see some Okta links and examples. https://help.okta.com/en/prod/Content/Topics/Mobile/Okta_Mobile_Device_Trust_O365_EAS_iOS.htm
Yeah... I'm familiar with Device Trust. We're currently testing it and it's only for Windows (currently), so it doesn't solve the Android / iOS problem.
If you can think of anything else that might work for mobile devices, just holler. I'm surprised this hasn't come up more often for a paid MDM product...
Again thanks for your response!