You may have noticed that things look a little different. SimpleMDM is now part of the PDQ.com family and we are in the process of moving all of the SimpleMDM Knowledge Base articles to their new home. If you notice any links that are broken or if anything does not work as expected, please email email@example.com and let us know!
SimpleMDM integrates with OneLogin using the Security Assertion Markup Language (SAML) standard. This guide will explain how to designate a OneLogin account as a trusted identity provider (IdP) for authenticating administrators of your SimpleMDM account.
As the OneLogin user interface may change, this guide has been written to provide a general process for getting up and running.
First, sign into SimpleMDM and navigate to the SAML integration screen. This is currently under Settings > Users and then the "Settings" tab. This screen provides the information that OneLogin will require.
- Select the option in SimpleMDM to enable SAML.
- As a OneLogin admin, create a new app. Search for an option named "SAML Test Connector (IdP)"
- Navigate to the "Configuration" tab.
- Enter the "Audience" value from your SimpleMDM account as the "Audience" in OneLogin.
- Enter the "SAML Consumer URL" from your SimpleMDM account as the "Recipient" in OneLogin.
- Enter a regular expression that will match the "SAML Consumer URL". For instance, "https:\/\/a\.simplemdm\.com\/" will match a consumer URL that starts with "https://a.simplemdm.com/".
- Enter the "SAML Consumer URL" from your SimpleMDM account as the "ACS (Consumer) URL" in OneLogin.
- Enter a regular expression for the beginning of your SAML Consumer URL under "ACS (Consumer) URL Validator". If your SAML Consumer URL begins with "https://a.simplemdm.com/", then "^https:\/\/a\.simplemdm\.com\/" will suffice.
- Enter the "Single Logout URL" from your SimpleMDM account as the "Single Logout URL" in OneLogin.
- Navigate to the "SSO" tab.
- Locate the "SAML 2.0 Endpoint (HTTP)". Enter this value as the "Endpoint URL" in SimpleMDM.
- Locate the "X.509 Certificate" section. Click "View Details". Copy the SHA fingerprint and enter this value as the "X.509 fingerprint or certificate" in SimpleMDM.
- Complete the remainder of the options in SimpleMDM.
Once this link has been established, you may need to assign users to the SimpleMDM app within OneLogin, depending upon your settings.