
Overview

Okta Mobile Connect enables SSO for native mobile apps that support SAML. Once users have established a session in Okta Mobile, logging in to mobile apps that support SAML and Okta Mobile Connect is as simple as entering an email address or company domain.

See the video below for a demonstration of how Okta Mobile Connect works:

If your app is already SAML-enabled

If your mobile app already supports logging in via SAML, it may already work with Okta Mobile Connect. Many ISVs with SAML-enabled mobile apps are able to work with Okta Mobile Connect without special modification.

To work with Okta Mobile Connect, your mobile app needs to meet the criteria below:

  1. It must support SAML authentication via an embedded web view that allows any URL to be called from inside the embedded web view.
  2. It must have a URI scheme registered for the app that only returns the app to the foreground when called.

If your app meets these two criteria, you are encouraged to submit it to Okta for testing by sending an email to developers@okta.com with the following information:

  • The name of your mobile app.

  • The link to your app on the App Store:

    (For example: “https://itunes.apple.com/us/app/example/id123456789”)

  • The URI Scheme that returns this app to the foreground.

    (For example: “example://”)

  • Instructions for testing your app.

    Please provide any instructions and credentials needed to configure SAML. Okta will change the SAML settings in your app to point to testing servers.

If your SAML-enabled app does not work

The only way to be certain that your SAML-enabled mobile app works with Okta Mobile Connect is to have it tested by Okta.

With that in mind, here are the most common reasons why an existing SAML-enabled mobile app might not work with Okta Mobile Connect:

  • No URL Scheme is registered for the app.
  • Calling the URL Scheme for the app doesn’t simply return the app to the foreground. To work with Okta Mobile Connect, your app must have a URL Scheme that returns your app to the embedded web view that handles SAML authentication. Calling the URL Scheme should be functionally equivalent to the user returning your app to the foreground.
  • The embedded web view for SAML authentication only allows specific URLs to be called in the embedded web view. The embedded web view must allow the okta:// and oktasso:// URL Schemes to be called.
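
The last two failure modes above, sketched for iOS as an added example (not Okta's code and not from this page): the web view's navigation policy hands okta:// and oktasso:// to the system instead of blocking them, and the app's own URL handler does nothing beyond accepting the call. Assumptions: a WKWebView-based login screen set as the root view controller by the main storyboard, the app-delegate lifecycle without scenes, the placeholder scheme example:// from this page registered in Info.plist, and hypothetical class names.

```swift
import UIKit
import WebKit

// Hypothetical login screen hosting the embedded SAML web view.
final class SAMLLoginViewController: UIViewController, WKNavigationDelegate {
    private let webView = WKWebView()

    override func viewDidLoad() {
        super.viewDidLoad()
        webView.navigationDelegate = self
        webView.frame = view.bounds
        webView.autoresizingMask = [.flexibleWidth, .flexibleHeight]
        view.addSubview(webView)
    }

    func webView(_ webView: WKWebView,
                 decidePolicyFor navigationAction: WKNavigationAction,
                 decisionHandler: @escaping (WKNavigationActionPolicy) -> Void) {
        guard let url = navigationAction.request.url,
              let scheme = url.scheme?.lowercased() else {
            decisionHandler(.allow)
            return
        }
        if scheme == "okta" || scheme == "oktasso" {
            // WKWebView cannot load custom schemes itself, so pass the URL
            // to iOS and cancel the in-view load.
            UIApplication.shared.open(url, options: [:], completionHandler: nil)
            decisionHandler(.cancel)
        } else {
            // No host allowlist: the identity provider's pages must be
            // able to load whatever URL the SAML flow redirects to.
            decisionHandler(.allow)
        }
    }
}

@main
final class AppDelegate: UIResponder, UIApplicationDelegate {
    var window: UIWindow?

    // Called when another app opens example://. iOS has already brought
    // the app to the foreground by the time this runs.
    func application(_ app: UIApplication, open url: URL,
                     options: [UIApplication.OpenURLOptionsKey: Any] = [:]) -> Bool {
        // Ignore host, path and query on purpose: no navigation, no reload,
        // no state change, so the SAML web view stays exactly as it was.
        return url.scheme?.lowercased() == "example"
    }
}
```

Because the handler never reads anything from the incoming URL, another app calling example:// can only bring this app forward, which is the behaviour criterion 2 asks for.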

If your app is not SAML-enabled

The first step in enabling support for Okta Mobile Connect in a mobile app is to add SAML support to that mobile app.

If your mobile app also has a website where users can log in, you should consider adding SAML support to that website too.

Okta has documentation to help in both of these scenarios: