Coming soon to iPhone & iPad — join the waitlist · iOS 17.2+ · iPadOS 17.2+
Incident response from your phone

Okta administration that fits in your pocket.

Suspend a compromised user, clear their sessions, toggle a network zone — biometric-confirmed, audit-logged, from your phone. The action set is gated by the Okta scopes your integration was granted.

In development · Coming soon to the App Store · Free with any Butterfly account when it launches · Pre-launch waitlist gets first TestFlight invites.

Preview of the in-development app.

[App preview: user detail screen on acmecorp.okta.com (live) for Adam Smith, asmith@acmecorp.com · IT — Eng, status Suspended. Action buttons: Unsuspend, Reset pwd, Expire, Unlock, Sessions, Deactivate. Banner: "Sessions cleared · 4 devices". Activity log: 12:48:02 suspend.user → ok; 12:48:07 sessions.clear → 4; 12:48:09 audit.write → 0x9f3a]

  • Biometric gate: Face ID before any destructive call.
  • Scoped actions: Only what your OIN grants allow.
  • Audit trail: Every call logged server-side.

  • 12s: Median time to suspend
  • 47: Actions surfaced
  • 0: Extra Okta scopes requested
  • 100%: Mutations server-audited

What you can do from your phone

The action set is the result of a lot of customer interviews — basically, "what do you actually do from your phone when something goes wrong at 2am?"

Incident response

  • Suspend / unsuspend / deactivate users
  • Clear all active sessions
  • Toggle network zones for containment

Helpdesk

  • Send password reset emails
  • Expire passwords (force re-set)
  • Unlock locked-out accounts

Membership

  • Add or remove a group member
  • Assign or unassign a user to an app
  • Browse users, groups, apps, system log

Disaster recovery

  • Resilience score with factor breakdown
  • Drift detection (last 7 days)
  • One-tap backup, restore preview

Excluded by design

Mobile UX shouldn't make catastrophic mistakes easier. Three things that stay desktop-only:

Full org restore

Can touch thousands of resources. The companion will give you a read-only restore preview; execution stays desktop so you can review the dry-run diff first.

Create / delete user, group, app

Not enough screen real estate to review the implications of structural changes. Browse on phone, edit on desktop.

Policy edits

A wrong sign-on policy edit can take down your SSO for the entire org. That deserves the desktop UX, the diff view, and the ability to revert quickly.

Architecture and constraints

01 Capability-gated against your real Okta grants

After you pick a connection, the app asks Okta which scopes are actually live. Buttons you can't use stay visible with a lock icon — and the scope name. No bait-and-switch, no silent failures.

02 Biometric on every mutation

Even with a valid session, every action requires Face ID or Touch ID. Sessions get hijacked; device biometric is fresh consent. This is the bar 1Password and Stripe Card set.

03 Friction proportional to blast radius

Suspend → confirm → Face ID. Deactivate → type-the-user's-email → Face ID. Full org restore → not on the phone at all. Mobile UX shouldn't make catastrophic mistakes easier.

04 Audit-logged server-side

Every action — read or write — lands in your activity log with the actor, the target, the Okta status code, and the result. Same audit surface as the web app.
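
The gating described in items 01 to 03 above, sketched as an added example that is not Butterfly's code: a button state derived from the granted scopes, and a fail-closed check that applies the friction tier before a mutation is sent. The action names, the action-to-scope mapping, and the function names are assumptions made for illustration.

```python
# Added example; the action -> scope mapping and all names here are assumptions.
from dataclasses import dataclass

# Friction tiers taken from the page: confirm + biometric, typed email +
# biometric, and desktop-only (never executable from the phone).
CONFIRM, TYPE_EMAIL, DESKTOP_ONLY = "confirm", "type_email", "desktop_only"

# Hypothetical mapping of each action to the Okta OAuth scope it needs.
ACTIONS = {
    "suspend_user":     ("okta.users.manage", CONFIRM),
    "clear_sessions":   ("okta.users.manage", CONFIRM),
    "toggle_zone":      ("okta.networkZones.manage", CONFIRM),
    "deactivate_user":  ("okta.users.manage", TYPE_EMAIL),
    "full_org_restore": (None, DESKTOP_ONLY),
}

@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str

def button_state(action, granted):
    """UI state: enabled, locked with the missing scope's name, or desktop-only."""
    scope, tier = ACTIONS[action]
    if tier == DESKTOP_ONLY:
        return "desktop-only"
    return "enabled" if scope in granted else f"locked: {scope}"

def authorize(action, granted, *, target_email="", typed_email="",
              confirmed=False, biometric_ok=False):
    """Fail closed at each gate: tier, scope, confirmation, then biometric."""
    if action not in ACTIONS:
        return Decision(False, "unknown action")
    scope, tier = ACTIONS[action]
    if tier == DESKTOP_ONLY:
        return Decision(False, "desktop-only")
    if scope not in granted:
        return Decision(False, f"missing scope {scope}")
    if tier == CONFIRM and not confirmed:
        return Decision(False, "confirmation required")
    # Exact match, as the page specifies; an empty target never matches.
    if tier == TYPE_EMAIL and (not target_email or typed_email != target_email):
        return Decision(False, "typed email does not match target")
    if not biometric_ok:  # a valid session alone is never sufficient
        return Decision(False, "biometric required")
    return Decision(True, "ok")
```
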

FAQ

When does it launch?

We're targeting an App Store launch later this year. Join the waitlist to get a TestFlight invite as soon as we open the beta.

What will it cost?

Free with any Butterfly account, including the free tier — same as the web app.

How will it sign in?

Same email-code flow as butterflysecurity.org. Your existing Okta connections, scope grants, and audit log will carry through.

Why isn't full restore on the phone?

Full org restores can touch thousands of resources. We're deliberately keeping that flow desktop-only so you can review the dry-run diff before executing. The companion will give you a read-only restore preview.

What about destructive actions?

Deactivate will require typing the user's email exactly to confirm, then Face ID. Delete user, delete group, and delete app are intentionally out of scope for the phone — those stay desktop-only.

Does it work for read-only Okta integrations?

Yes. The action set scales to whatever your Okta integration was granted. Read-only customers get the browse, search, and dashboard surfaces; the mutation buttons stay visibly locked with the missing scope's name.

Does this replace mobile.okta.com?

No. mobile.okta.com is for end users signing in to apps. Butterfly for Okta is for administrators taking action on the org.

Ready when the next incident is.

Free download. Free with any Butterfly account.
