SimpleMDM integrates with ADFS using the Security Assertion Markup Language (SAML) standard. This guide will explain how to designate an ADFS account as a trusted identity provider (IdP) for authenticating administrators of your SimpleMDM account.
As the ADFS user interface may change, this reference has been written to provide a general process for getting up and running.
First, sign in to SimpleMDM, navigate to the SAML integration screen, and enable SAML. This is currently under Settings > Users and then the "Settings" tab. This screen provides the information that ADFS will require.
Within the ADFS administration interface, complete the following:
- Set the "Relying Party Identifier" to the "Audience" value listed in SimpleMDM.
- Set the "SAML Assertion Consumer Endpoint" to the "SAML Consumer URL" value listed in SimpleMDM.
- Create a claim rule of type "LDAP Attribute" that sets the LDAP Attribute "Email-Addresses" to outgoing claim type "E-Mail Address".
- Create a second claim rule of type "Transform an Incoming Claim" with "Incoming claim type" set to "E-Mail Address", "Outgoing Claim Type" set to "Name ID", and "Outgoing name ID format" set to "Email".
Finally, complete the remaining steps by entering the necessary ADFS information in the SimpleMDM SAML setup interface.
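To confirm that the four ADFS settings above took effect, you can inspect the assertion ADFS issues during a test sign-in of your own. The following is an added example, not SimpleMDM or ADFS code: it checks the NameID format, Audience, and Recipient of a decoded assertion against the values shown in SimpleMDM. The URLs, the `check_assertion` and `sample` names, and the sample assertion are constructed placeholders, and the check is diagnostic only (it does not validate the signature).

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
# Constructed placeholders: use the "Audience" and "SAML Consumer URL" from SimpleMDM.
AUDIENCE = "https://sp.example.invalid/audience"
ACS = "https://sp.example.invalid/saml/consume"

def check_assertion(xml_text, audience, consumer_url):
    """Return a list of mismatches between a decoded assertion and the SP values."""
    root = ET.fromstring(xml_text)
    problems = []
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None:
        problems.append("no NameID: the 'Transform an Incoming Claim' rule did not fire")
    else:
        if name_id.get("Format") != EMAIL_FORMAT:
            problems.append("NameID format is not Email")
        if not re.fullmatch(r"[^@\s]+@[^@\s]+", (name_id.text or "").strip()):
            problems.append("NameID value is not an e-mail address")
    audiences = [(a.text or "").strip()
                 for a in root.findall(".//saml:AudienceRestriction/saml:Audience", NS)]
    if audience not in audiences:
        problems.append("Audience does not match the Relying Party Identifier")
    scd = root.find(".//saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != consumer_url:
        problems.append("Recipient does not match the SAML Consumer URL")
    return problems

def sample(fmt, value):
    """Build a constructed, unsigned assertion for exercising the check offline."""
    return f"""<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID Format="{fmt}">{value}</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData Recipient="{ACS}"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
    <saml:Audience>{AUDIENCE}</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
</saml:Assertion>"""

if __name__ == "__main__":
    print(check_assertion(sample(EMAIL_FORMAT, "admin@example.invalid"), AUDIENCE, ACS))
```

An empty list means the claim rules and endpoint values line up; each string in a non-empty list names the ADFS setting to revisit.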