Original Author: Arturo Hinojosa, Sr. Technical Marketing Manager, Okta
One of the top requirements for any EMM solution when enabling BYOD is being able to keep enterprise data separate from personal data. Traditionally, EMM solutions have done this through containerization. While that solution technically works, it creates friction with both end users and developers. For end users, it may require them to access email and data through proprietary applications, instead of the apps they want to use (their preferred email client, Box, etc.). For developers and ISVs, it may require them to author EMM-vendor-specific versions of their applications, complicating releases and maintenance.
When Okta designed Okta Mobility Management, we set out to create a solution that did not require anyone to implement an Okta-specific SDK, or force end users to use apps they didn't want. Instead, we protect enterprise data using the native security libraries built directly into the OS. For iOS, we take advantage of the managed open-in policy. Enabling managed open-in is easy.
Open the Mobile policy editor in the Okta admin console. The Mobile policy editor can be found by navigating to: Security > Policies > Mobile
From there, create or edit your mobile policy. This will launch the policy editor. In the policy editor, scroll down to the DATA SEPARATION POLICY section. By simply checking the "Deny unmanaged apps to open in managed apps" check box for the Open-in management setting, you can block unmanaged applications from appearing in the Open-in menu within a managed application. For example, a user cannot open or save a PDF attached to an email sent to a managed account in a personal app such as Facebook.
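To confirm on a test device that the open-in restriction was actually delivered, the installed configuration profile can be inspected. The script below is an added example, not Okta's code: it assumes the setting arrives as Apple's standard Restrictions payload (`com.apple.applicationaccess`) with the keys `allowOpenFromManagedToUnmanaged` and `allowOpenFromUnmanagedToManaged`, and the sample profiles and their identifiers are constructed placeholders.

```python
import plistlib

# Apple's Restrictions payload type and its two managed open-in keys.
RESTRICTIONS_TYPE = "com.apple.applicationaccess"
OPEN_IN_KEYS = (
    "allowOpenFromManagedToUnmanaged",  # managed source -> unmanaged destination
    "allowOpenFromUnmanagedToManaged",  # unmanaged source -> managed destination
)


def audit_open_in(profile_bytes):
    """Map each open-in key to True (allowed) or False (blocked).

    Expects an unsigned .mobileconfig plist. A key that no Restrictions
    payload sets is reported as allowed, which is the iOS default; if any
    payload sets it to false, this script reports it as blocked.
    """
    profile = plistlib.loads(profile_bytes)
    state = {key: True for key in OPEN_IN_KEYS}
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != RESTRICTIONS_TYPE:
            continue
        for key in OPEN_IN_KEYS:
            if payload.get(key) is False:
                state[key] = False
    return state


def build_sample_profile(restrictions):
    """Constructed sample profile; identifiers and UUIDs are placeholders."""
    payload = {
        "PayloadType": RESTRICTIONS_TYPE,
        "PayloadIdentifier": "com.example.restrictions",
        "PayloadUUID": "00000000-0000-0000-0000-000000000001",
        "PayloadVersion": 1,
    }
    payload.update(restrictions)
    return plistlib.dumps({
        "PayloadType": "Configuration",
        "PayloadIdentifier": "com.example.profile",
        "PayloadUUID": "00000000-0000-0000-0000-000000000002",
        "PayloadVersion": 1,
        "PayloadContent": [payload],
    })


if __name__ == "__main__":
    samples = (("weak", {}), ("hardened", {"allowOpenFromManagedToUnmanaged": False}))
    for label, settings in samples:
        print(label, audit_open_in(build_sample_profile(settings)))
```

A profile signed by the MDM server is CMS-wrapped and has to be unwrapped to its plist before it is passed to `audit_open_in`.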
Okta Mobility Management has several security policies designed to help our customers offer BYOD to their end users without sacrificing security.