ADFS SSO SAML Integration - SimpleMDM


SimpleMDM integrates with ADFS using the Security Assertion Markup Language (SAML) standard. This guide will explain how to designate an ADFS account as a trusted identity provider (IdP) for authenticating administrators of your SimpleMDM account.

As the ADFS user interface may change, this reference has been written to provide a general process for getting up and running.

First, sign in to SimpleMDM, navigate to the SAML integration screen, and enable SAML. This is currently under Settings > Users, on the "Settings" tab. This screen provides the information that ADFS will require.

Within the ADFS administrator interface, complete the following:

  1. Set the "Relying Party Identifier" to the "Audience" value listed in SimpleMDM.
  2. Set the "SAML Assertion Consumer Endpoint" to the "SAML Consumer URL" value listed in SimpleMDM.
  3. Create a claim rule of type "LDAP Attribute" that sets the LDAP Attribute "E-Mail-Addresses" to outgoing claim type "E-Mail Address".
  4. Create a second claim rule of type "Transform an Incoming Claim" with "Incoming claim type" set to "E-Mail Address", "Outgoing Claim Type" set to "Name ID", and "Outgoing name ID format" set to "Email".
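
The four steps above can also be applied from PowerShell on the ADFS server, which avoids depending on the current layout of the management console. This is an added example, not part of the original SimpleMDM article; the trust name, the HTTP POST binding, and the two placeholder values are assumptions to replace with what your SimpleMDM SAML screen shows.

```powershell
# Added example. Placeholders below are NOT real SimpleMDM values; copy the
# actual strings from Settings > Users > "Settings" tab in SimpleMDM.
$audience    = '<Audience value from SimpleMDM>'
$consumerUrl = '<SAML Consumer URL value from SimpleMDM>'
$trustName   = 'SimpleMDM'   # display name in ADFS (assumed)

# Step 2: SAML Assertion Consumer Endpoint (HTTP POST binding assumed).
$acs = New-AdfsSamlEndpoint -Binding 'POST' `
                            -Protocol 'SAMLAssertionConsumer' `
                            -Uri $consumerUrl

# Steps 3 and 4 expressed in ADFS claim rule language.
# Rule 1 reads the AD "mail" attribute and issues it as E-Mail Address.
# Rule 2 re-issues that claim as Name ID with the email name ID format.
$rules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "LDAP mail to E-Mail Address"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname",
   Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"),
          query = ";mail;{0}", param = c.Value);

@RuleTemplate = "MapClaims"
@RuleName = "E-Mail Address to Name ID"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
          Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer,
          Value = c.Value, ValueType = c.ValueType,
          Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"]
            = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
'@

# Step 1: the Relying Party Identifier is the SimpleMDM "Audience" value.
Add-AdfsRelyingPartyTrust -Name $trustName `
                          -Identifier $audience `
                          -SamlEndpoint $acs `
                          -IssuanceTransformRules $rules

# This script does not set an access control policy. Assign one that permits
# only your SimpleMDM administrators before testing sign-in.

# Review what was stored before handing the ADFS details to SimpleMDM.
Get-AdfsRelyingPartyTrust -Name $trustName |
    Format-List Name, Identifier, IssuanceTransformRules
```

Because the Name ID is taken from the directory's mail attribute, each administrator's email address in Active Directory needs to match the one on their SimpleMDM user.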

Be sure to complete the remaining steps by providing the necessary ADFS information to SimpleMDM in the SimpleMDM SAML setup interface.
