This article explains the Okta Mobile Management (OMM) End-of-Life behavior as well as the most frequently asked question.

• Okta Mobile Management
• Okta Classic Engine

In 2018, Okta announced End of Support for Okta Mobility Management (OMM). At this time, we announced our intention to limit investment in OMM, while still allowing existing customers to utilize OMM for the duration of their contract and future renewals. 

If you are actively using Okta Mobility Management, please read this article which covers the detail on Okta Mobility Management End of Life.

In order to keep delivering innovative features of the Okta Devices Platform Service, we will end of life Okta Mobility Management on August 1, 2023. Okta planned for the EOL for OMM to occur on November 1, 2022 and had sent out multiple communications to customers leading up to that date.  Okta is now completing the EOL process. After August 1, 2023, OMM will no longer be available and to stop working in the Admin Console and on enrolled devices.  If you are an existing Okta Mobility Management customer, please read through this FAQ to learn more about what this means for your org. 

Q: What is Okta’s devices strategy? 

A: Users expect access to their corporate apps from anywhere, on any device—and they expect the experience to be seamless and modern. IT needs to make sure that corporate data is secure while enabling users to stay productive. In today’s perimeter-less world, the threat surface area is increasingly complex and sophisticated and our customers are looking to Okta to provide intelligent, contextual access controls that embrace mobile access.

We believe the best way to address the needs of customers and secure device-based access is to leverage our vendor neutral position and focus resources on building tight integrations with the leading device management solutions from VMware, MobileIron, Microsoft and more.  

By tightly integrating with the leading Enterprise Mobility Management (EMM) products, we believe Okta can deliver our customers a seamless, best-in-class contextual access management solution that will give our customers the broadest set of access controls over the devices used to access their corporate apps while still delivering the delightful user experience they expect from Okta. 

Over the past few years, our team’s devices development efforts have been focused on:

• Providing our customers with the most flexible and intelligent contextual access management solution that embraces 3rd-party device trust as a critical policy component.
• Developing a broad set of integrations with leading device management vendors (e.g. VMware, MobileIron, Microsoft, and JAMF) that will allow our customers to select their EMM vendor of choice.
• Delivering a secure, passwordless experience for users that rivals the Okta desktop experience.
• Registering devices to Okta’s Universal Directory to take device-specific actions (suspend and delete individual devices)
• An enhanced Okta Verify app that acts as the underlying integration layer for features like Okta FastPass, Endpoint Security Integrations and more.

You’ve seen this focus materialize in the product as Okta’s Device Platform Service, enabling features like Device Trust, Okta FastPass, Limited Access and more. 

Our team is committed to continue delivering on device-based access capabilities without the need for Okta to act as the endpoint management vendor. 
 

Q: Our Okta Mobility Management contract has already expired, what does that mean for us?

A: Customers still using OMM with an expired contract need to transition to another MDM/EDM solution by August 1, 2023 or prepare to lose functionality. 

Q: I am currently using Okta Mobility Management. What options do I have for renewal?

A: If you are an existing Okta Mobility Management customer and have a renewal coming up, you may renew Okta Mobility Management through August 1, 2023. If you’d like to swap the remaining value of your Okta Mobility Management contract for another product prior to the EOL date, please speak with your account team. 

If you are an existing Okta Mobility Management customer and have a subscription term for Okta Mobility Management that goes beyond August 1, 2023, the following options are available: 

1. Okta will apply the unused paid value of your Okta Mobility Management contract towards another product in your Okta subscription. 
2. Okta will refund you the unused paid value of your Okta Mobility Management contract. 

If neither of the two options presented above is suitable for your organization, please contact your Okta account team. 
 

Q: Will the Okta Mobility Management administration console be removed at the end of our contract date? 

A: Yes, after your contract end date (and only then), we will automatically unenroll any remaining devices from Okta Mobility Management, and remove the Okta Mobility Management product SKU from your Okta org. This will also remove the Okta Mobility management admin console from your Okta org. We will not remove Okta Mobility Management from your Okta org prior to your contract end date.
 

Q: What happens to devices enrolled in Okta Mobility Management at the end of our contract date? 

A: At the end of your contract date, all remaining devices enrolled to Okta Mobility Management will be automatically unenrolled, and the Okta Mobility Management console will be removed from your Okta org. 
 

Q: Will Okta remove the Okta Mobility Management console automatically at the end-of-life date (August 1, 2023)? 

A: Okta will only remove Okta Mobility Management from your org once you reach your contract end date. 
Some customers may have contract terms for Okta Mobility Management past the end-of-life date of end of August 1, 2023. If you fall under this category and have chosen not to use the unused paid value of your contract towards another product or receive a refund, Okta will not remove Okta Mobility Management from your Okta org until your initially agreed upon end of contract date. 

Once the end of contract date is reached, Okta will remove any remaining enrolled devices from Okta Mobility Management, and the Okta Mobility Management admin console will be removed from your Okta org.
 

Q: Our renewal is coming up and we do not plan to renew our contract through the end of life date. What steps should we take now to stop using Okta Mobility Management? 

A: Please take the following steps to stop usage of Okta Mobility Management: 

1. (Optional) Notify your users that the Okta Mobility Management profile will be removed from their devices. 
2. Remove all enrolled devices through the admin console. 
3. (Optional) If you still require an endpoint management solution, consider utilizing Okta’s Device Trust feature, which allows organizations to ensure that users can only access Okta-managed apps from a managed device.

Q: What happens to devices that may still be enrolled to Okta Mobility Management past my contract end date and I no longer have access to the Okta Mobility Management console? 

A: Okta will automatically unenroll devices on your behalf after your end of contract date. In scenarios where a device is unreachable (ie device is offline), the OMM profile will remain on the device. The profile on these devices will need to be manually removed in order to be managed by another endpoint management solution.

While OMM will no longer work on enrolled devices, some users may need to take the following actions to remove OMM manually from the device. This is not something that Okta can do through automation, users need to take the action themselves:

On Android:

1. Go to “accounts and passwords” in settings.
2. Click “delete work profile”.

1. Go to “Settings” app
2. Go to “General” > “VPN & Device Management” > Remove Profile

Q: What vendors does Okta suggest as an alternative to Okta Mobility Management? Do these vendors integrate with Okta in any way? 

A: Okta’s preferred endpoint management partner is VMware Workspace ONE. Utilizing 

VMware Workspace ONE, customers can take advantage of use cases such as - 

• Ensuring only managed devices can access apps managed by Okta
• Enabling passwordless authentication on managed devices
• Prompting for MFA on unmanaged devices
• Resetting your Okta password from the Workspace ONE dashboard

You can read more about the Okta + VMware integration here. 

Q: Is VMware Workspace ONE the only endpoint management solution Okta integrates with? 

A: No, customers can choose to use any endpoint management solution as a replacement to Okta Mobility Management. For customers looking to integrate their endpoint management solution with Okta for Device Trust use cases, see our Device Trust documentation for details. 

Note: With the release of Okta’s identity engine in H2 of 2021, customers will have even more flexibility in deploying device-based access use cases. You can find more detail on updates coming with the identity engine here. 

Q: Will Okta Mobility Management be supported on Okta’s identity engine? 

A: No, Okta Mobility Management will not be supported on Okta’s identity engine. 

Q: What impact does the end of life have on the Okta Mobile app? 

A: Okta Mobility Management EOL does not have any impact on the Okta Mobile app. 

Q: I have more questions, who do I call? 

A: Please reach out to your Okta account team if you have any additional questions.