SureMDM empowers enterprises to use Single Sign-On (SSO) options to provide Multi-Factor Authentication (MFA). SureMDM supports integration with multiple SSO identity providers, including Microsoft ADFS, OneLogin and Okta.
Multi-Factor Authentication (MFA) in SureMDM
For these instructions, we will assume the user wishes to integrate SureMDM and Okta. The steps for other SSO providers will be similar. For any questions on variations, please email techsupport@42gears.com.
Part 1: Steps to set up Multi-Factor Authentication in Okta
1. Log in to the Okta Server and click Admin.
2. Click Add Applications.
3. Click Create New App.
4. Select SAML 2.0 and click Create.
5. Create a new app and name it SureMDM.
6. Click Next, navigate to SAML Settings, and enter the following details:
- Entity ID:
urn:42gears:suremdm:SAML2ServiceProvider
- Single Sign-On URL:
https://yourcustomDNS.com/console/ssoconsumer/yourmdmaccountID
Note: If you do not use a custom DNS, the URL would be
https://suremdm.42gears.com/console/ssoconsumer/yourmdmaccountID
7. Click Next.
8. Select the first option and click Finish.
9. Click View Setup Instructions.
10. Download the certificate and copy the SAML Metadata from the View Setup instructions link.
11. On the Okta Server, click Security > Multi Factor Authentication > Edit > SMS Authentication > Save.
12. Click the Applications tab and select SureMDM.
13. On the Sign On Policy prompt, click Add Rule.
14. Enter Rule Name and Conditions.
15. On the Factor prompt, select the desired option and click Save.
Part 2: Steps to make changes in the SureMDM Server
1. Log in to the SureMDM Web Console.
2. Go to Settings > Account Settings > Enable Single Sign-On and enter the following details from your metadata file:
- SSO type: Select Okta from the SSO Type drop-down list.
- Service Identifier: This value appears in the setup instructions tab as Identity Provider Issuer.
Example:
http://www.okta.com/exk2kuyba0rCTZQOC1t7
- Sign-On Service URL: This value appears in the setup instructions tab as Identity Provider Sign-On URL.
Example:
https://42gears123.okta.com/app/42gears1_suremdm_1/exk2kuyba0rCTZQOC1t7/sso/saml
- Logout Service URL: Same as the Sign-On Service URL, but with sso changed to slo.
Example:
https://42gears123.okta.com/app/42gears1_suremdm_1/exk2kuyba0rCTZQOC1t7/slo/saml
- Roles: Assign a Role (and associated permissions) from the drop-down list.
- Device Group Set: Assign a Device Group Set (and associated permissions) from the drop-down list.
- Jobs/Profiles Folder Set: Assign a Job Folder Set (and associated permissions) from the drop-down list.
Note: Learn how to create and customize admins’ permissions for enrolled devices based on Roles/Device Group Set/Jobs Folder Set.
3. Click Upload Certificate to upload the certificate file you downloaded in Step 10 of Part 1.
4. Log in to Okta and select the app you named SureMDM.
or
Use the following URL:
https://yourcustomDNS/console/ssologin/yourmdmaccountID
You have now successfully enabled SureMDM to use Okta’s Multi-Factor Authentication.
Note: You can also specify login to SureMDM when you log in to Okta.
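An added example, not part of the SureMDM or Okta documentation: a Python check that reads the SAML metadata copied in Step 10 of Part 1 and returns the values to enter in Step 2 of Part 2, plus a SHA-256 fingerprint to compare against the downloaded certificate file before uploading it in Step 3. The function names and the sample metadata are assumptions constructed for illustration; the sample reuses this page's example identifiers and a placeholder certificate body.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: IDs reuse the page's example values; the certificate
# body is placeholder bytes, not a real X.509 certificate.
SAMPLE_CERT_B64 = base64.b64encode(b"constructed-placeholder-certificate").decode()
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}"
    entityID="http://www.okta.com/exk2kuyba0rCTZQOC1t7">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="{NS['ds']}"><ds:X509Data>
      <ds:X509Certificate>{SAMPLE_CERT_B64}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://42gears123.okta.com/app/42gears1_suremdm_1/exk2kuyba0rCTZQOC1t7/sso/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def cert_fingerprint(cert_text):
    """SHA-256 of the DER bytes; accepts bare base64 or the text of a PEM file."""
    body = "".join(l for l in cert_text.splitlines() if not l.strip().startswith("-----"))
    return hashlib.sha256(base64.b64decode("".join(body.split()))).hexdigest()

def console_fields(metadata_xml):
    """Map IdP metadata to the values entered in Part 2, step 2 (hypothetical helper)."""
    if "<!DOCTYPE" in metadata_xml or "<!ENTITY" in metadata_xml:
        raise ValueError("DTD or entity declarations do not belong in SAML metadata")
    root = ET.fromstring(metadata_xml)
    sso = root.find("md:IDPSSODescriptor/md:SingleSignOnService", NS)
    cert = root.find("md:IDPSSODescriptor//ds:X509Certificate", NS)
    if sso is None or cert is None or not root.get("entityID"):
        raise ValueError("metadata lacks entityID, sign-on service or certificate")
    sign_on = sso.get("Location", "")
    if urlparse(sign_on).scheme != "https":
        raise ValueError("Sign-On Service URL must use https")
    head, sep, tail = sign_on.rpartition("/sso/")
    if not sep:
        raise ValueError("no /sso/ path segment to derive the logout URL from")
    return {"service_identifier": root.get("entityID"),
            "sign_on_service_url": sign_on,
            "logout_service_url": f"{head}/slo/{tail}",  # page's rule: change sso to slo
            "cert_sha256": cert_fingerprint(cert.text)}

if __name__ == "__main__":
    print(console_fields(SAMPLE_METADATA))
```

Run `cert_fingerprint` on the text of the certificate file downloaded from Okta and confirm it equals `cert_sha256` from the metadata before uploading the file to SureMDM.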
SureMDM supports other SSO identity providers like Microsoft ADFS, OneLogin, and others. Click here to get in touch with one of our team members for more information.