SimpleMDM integrates with OneLogin using the Security Assertion Markup Language (SAML) standard. This guide will explain how to designate a OneLogin account as a trusted identity provider (IdP) for authenticating administrators of your SimpleMDM account.
As the OneLogin user interface may change, this guide has been written to provide a general process for getting up and running.
First, sign in to SimpleMDM and navigate to the SAML integration screen. This is currently under Settings > Users and then the "Settings" tab. This screen provides the information that OneLogin will require.
- Select the option in SimpleMDM to enable SAML.
- As a OneLogin admin, create a new app. Search for an option named "SAML Test Connector (IdP)".
- Navigate to the "Configuration" tab.
- Enter the "Audience" value from your SimpleMDM account as the "Audience" in OneLogin.
- Enter the "SAML Consumer URL" from your SimpleMDM account as the "Recipient" in OneLogin.
- Enter a regular expression that will match the "SAML Consumer URL". For instance, "^https:\/\/a\.simplemdm\.com\/" will match a consumer URL that starts with "https://a.simplemdm.com/". The leading "^" is what limits the match to the start of the URL.
- Enter the "SAML Consumer URL" from your SimpleMDM account as the "ACS (Consumer) URL" in OneLogin.
- Enter a regular expression for the beginning of your SAML Consumer URL under "ACS (Consumer) URL Validator". If your SAML Consumer URL begins with "https://a.simplemdm.com/", then "^https:\/\/a\.simplemdm\.com\/" will suffice.
- Enter the "Single Logout URL" from your SimpleMDM account as the "Single Logout URL" in OneLogin.
- Navigate to the "SSO" tab.
- Locate the "SAML 2.0 Endpoint (HTTP)". Enter this value as the "Endpoint URL" in SimpleMDM.
- Locate the "X.509 Certificate" section. Click "View Details". Copy the SHA fingerprint and enter this value as the "X.509 fingerprint or certificate" in SimpleMDM.
- Complete the remainder of the options in SimpleMDM.
Once this link has been established, you may need to assign users to the SimpleMDM app within OneLogin, depending upon your settings.
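Before pasting a pattern into the "ACS (Consumer) URL Validator" field, it is worth checking it against URLs it must reject. The script below is an added example, not part of SimpleMDM or OneLogin; the sample URLs other than the "https://a.simplemdm.com/" prefix are constructed, and it assumes the validator is applied as an unanchored regular-expression search, which this guide does not state.

```python
import re

# Constructed ACS URLs mapped to whether a validator should accept them. Only the
# "https://a.simplemdm.com/" prefix comes from the guide; paths and other hosts
# are placeholders made up for this example.
SAMPLES = {
    "https://a.simplemdm.com/saml/consume": True,
    "https://a.simplemdm.com.example.net/saml/consume": False,    # prefix as a subdomain label
    "https://example.net/?next=https://a.simplemdm.com/": False,  # prefix inside a query string
    "https://a-simplemdm.com/saml/consume": False,                # different host, same shape
    "http://a.simplemdm.com/saml/consume": False,                 # plaintext scheme
}


def build_validator(prefix):
    """Return an anchored, fully escaped pattern for a URL prefix."""
    if not prefix.startswith("https://") or not prefix.endswith("/"):
        raise ValueError("prefix must be an https:// URL ending in '/'")
    return "^" + re.escape(prefix)


def audit(pattern):
    """Return the sample URLs the pattern classifies wrongly.

    Assumption: the validator is applied as an unanchored search (re.search).
    """
    rx = re.compile(pattern)
    return [url for url, ok in SAMPLES.items() if bool(rx.search(url)) != ok]


if __name__ == "__main__":
    candidates = {
        "anchored and escaped": r"^https:\/\/a\.simplemdm\.com\/",
        "no ^ anchor": r"https:\/\/a\.simplemdm\.com\/",
        "unescaped dots": r"^https://a.simplemdm.com/",
        "no trailing slash": r"^https:\/\/a\.simplemdm\.com",
        "built from prefix": build_validator("https://a.simplemdm.com/"),
    }
    for label, pattern in candidates.items():
        wrong = audit(pattern)
        print(f"{label:22} {pattern:34} {'OK' if not wrong else 'WRONG: ' + ', '.join(wrong)}")
```

Replace the prefix with the start of your own SAML Consumer URL and extend SAMPLES with URLs from your environment before relying on the result.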