Peter Podlesnyy

Limit access to SAML application to OMM enrolled devices only.

I'm trying to create a sign-on policy for a SAML app that will only allow access from devices that have been enrolled into OMM. Currently a user can hit "dismiss" at the enrollment prompt and still access the app with Okta Mobile app. Is there a way to block until a user successfully enrolls?
Srinivasa Gayam
They gave a demo of this at Oktane17 with Salesforce app where a user is forced to enroll the device to access the app. I believe they mentioned this works even if you have a third-party MDM. Not sure if this was in beta or EA but you may want to reach out to Okta.
Peter Podlesnyy
Hmm... so it doesn't sound like it's a feature that's built into Okta MDM (since third-party MDM can be used)? Were they talking about pushing out a client-side cert with MDM and then having Adaptive Multi Factor feature that's supposed to check for the presence of that client cert?
Srinivasa Gayam
I believe the feature is called "Device Trust". Do a Google search on this and Okta and you will see some Okta links and examples. https://help.okta.com/en/prod/Content/Topics/Mobile/Okta_Mobile_Device_Trust_O365_EAS_iOS.htm
Peter Podlesnyy
Yeah... I'm familiar with Device Trust... We're currently testing it and it's only for Windows (currently), hence doesn't solve the Android / iOS problem. If you can think of anything else that might work for mobile devices just holler. I'm surprised this hasn't come up more often for a paid MDM product... Again, thanks for your response!