SimpleMDM integrates with Okta using the Security Assertion Markup Language (SAML) standard. This guide will explain how to designate an Okta account as a trusted identity provider (IdP) for authenticating administrators of your SimpleMDM account.
As the Okta user interface may change, this guide has been written to provide a general process for getting up and running.
First, sign in to SimpleMDM and navigate to the SAML integration screen. This is currently under Settings > Users, on the "Settings" tab. This screen provides the information that Okta will require.
- Select the option in SimpleMDM to enable SAML.
- As an Okta admin, create a new app. The platform should be "Web" and the Sign on method should be "SAML 2.0".
- When prompted for SAML settings, enter the "SAML Consumer URL" from your SimpleMDM account as the "Single sign on URL" in Okta.
- Check the box "Use this for Recipient URL and Destination URL".
- Enter the "Audience" value from your SimpleMDM account as the "Audience URI (SP Entity ID)" in Okta.
- Continue through the screens until you see an option to view the SAML 2.0 setup instructions. In the current version of Okta, this is under the "Sign On" tab of the details screen for the SimpleMDM application you just created.
- From the instructions page, locate the "Identity Provider Single Sign-On URL". Enter this value as the "Endpoint URL" in SimpleMDM.
- Copy the contents of the "X.509 Certificate". Enter this value as the "X.509 fingerprint or certificate" in SimpleMDM.
- Okta does not currently support IdP-initiated single logout, so keep this value empty within SimpleMDM.
- Complete the remainder of the options in SimpleMDM.
Once this link has been established, you may need to assign users to the SimpleMDM app within Okta, depending upon your settings.
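One way to sanity-check the two values copied from Okta before saving them in SimpleMDM, as an added example that is not part of SimpleMDM's or Okta's own tooling: it normalizes the pasted certificate, computes its fingerprint, and rejects an endpoint that is not HTTPS. The function names, the sample certificate bytes and the example.com URL are constructed for illustration; this guide does not say which hash algorithm SimpleMDM expects for a fingerprint, so SHA-256 is an assumed default.

```python
import base64
import binascii
import hashlib
import re
import textwrap
from urllib.parse import urlsplit

ARMOR = re.compile(r"-----(?:BEGIN|END) CERTIFICATE-----")

def cert_der(pasted: str) -> bytes:
    """Decode a pasted certificate (with or without PEM armor) to DER bytes."""
    body = "".join(ARMOR.sub("", pasted).split())  # drop armor and copy/paste whitespace
    try:
        der = base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"certificate text is not valid base64: {exc}") from exc
    # A DER-encoded certificate is an ASN.1 SEQUENCE, so it starts with 0x30.
    if not der or der[0] != 0x30:
        raise ValueError("decoded data is not a DER SEQUENCE; paste is not a certificate")
    return der

def fingerprint(pasted: str, algorithm: str = "sha256") -> str:
    """Colon-separated hex digest of the DER bytes. sha256 is an assumed default."""
    digest = hashlib.new(algorithm, cert_der(pasted)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def check_endpoint(url: str) -> str:
    """Accept only an absolute https:// URL for the SimpleMDM "Endpoint URL" field."""
    parts = urlsplit(url.strip())
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError(f"endpoint must be an absolute https URL, got {url!r}")
    return parts.geturl()

# Constructed sample: placeholder bytes shaped like DER, NOT a real certificate.
_FAKE_DER = b"\x30\x82\x01\x00" + bytes(range(256))
SAMPLE_BARE = base64.b64encode(_FAKE_DER).decode()
SAMPLE_PEM = "\n".join(["-----BEGIN CERTIFICATE-----",
                        *textwrap.wrap(SAMPLE_BARE, 64),
                        "-----END CERTIFICATE-----"])
SAMPLE_ENDPOINT = "https://idp.example.com/sso/saml"  # constructed placeholder URL

if __name__ == "__main__":
    print("Endpoint URL:", check_endpoint(SAMPLE_ENDPOINT))
    print("SHA-256:", fingerprint(SAMPLE_PEM))
    print("SHA-1:  ", fingerprint(SAMPLE_PEM, "sha1"))
```

A paste that lost characters or picked up the wrong text fails with a `ValueError` instead of being saved as the trust anchor for administrator logins.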