Home
Installation and Configuration
Read this guide to learn about the requirements and available installation scenarios to ensure that the deployment of BigFix MCM and BigFix Mobile goes smoothly in your environment.
SAML-authentication configuration
MCM and BigFix Mobile supports Security Assertion Markup Language (SAML) authentication to enroll devices to protect sensitive data and ensure secure access to corporate resources.
Key terms
Read this section to get familiarized with the terms used in SAML-authenticated enrollment.

Installation and Configuration
Read this guide to learn about the requirements and available installation scenarios to ensure that the deployment of BigFix MCM and BigFix Mobile goes smoothly in your environment.
- MCM and BigFix Mobile server and components installation
- Identity service configuration
  Starting from UEM3.0, MCM extends the capability to identify and manage devices based on users. The users can be identified based on their associated attributes including names, roles, group memberships, distribution list memberships, or physical locations. The devices identified based on users can then be targeted and managed through various configurations to provide conditional access and ensure compliance, endpoint security, and App protection.
- Simple Certificate Enrollment Protocol (SCEP) configuration
  BigFix MCM supports certificate management and certificate-based authentication through Simple Certificate Enrollment Protocol (SCEP). SCEP is the fastest and most secure way to provision certificates to all your MCM-managed devices. With SCEP, IT Admins can automate issuing certificates to the endpoints to provide access to corporate Wi-Fi, VPN, and secure e-mail through encryption.
- Domain join installation and configuration
  Read this section to learn the prerequisites and the tasks to install ODJ service to set up your environment to enroll Windows devices and join Active Directory domain or both Active Directory and Azure AD domain.
- SAML-authentication configuration
  MCM and BigFix Mobile supports Security Assertion Markup Language (SAML) authentication to enroll devices to protect sensitive data and ensure secure access to corporate resources.
  - Key terms
    Read this section to get familiarized with the terms used in SAML-authenticated enrollment.
  - Step 1: Add BigFix MCM for SAML authentication
    Learn how to add MCM and BigFix Mobile for SAML authentication in Okta.
  - Step 2: Create SAML credentials file
    Read this topic to learn how to get issuer and sign-on URL information from the Okta server and create a .json file to upload to WebUI while configuring SAML authentication.
  - Step 3: Download SAML Identity Provider certificates from Okta server
    Read this topic to download okta.cert file to authenticate Okta as the SAML Identity Provider.
  - Step 4: Configure authentication method through WebUI
    Read this topic to learn how to configure SAML as the authentication method through WebUI.

SAML Key terms

Read this section to get familiarized with the terms used in SAML-authenticated enrollment.

Table 1.
Key term	Description
Assertion Consumer Service (ACS)	The URL location where the SAML assertion is sent.
EntityID	A globally unique name for the SP. Formats vary, but it’s increasingly common to see this value formatted as a URL.
Identity Provider (IdP)	Performs authentication and passes the user's identity and authorization level to the service provider.
RelayState	Deep linking for SAML. This tells the SP where to take the user once they have successfully logged in.
Security Assertion Markup Language (SAML)	It is an XML-based open-standard for transferring identity data between two parties: an identity provider (IdP) and a service provider (SP).
Single Sign-On (SSO)	Single Sign-On (SSO) is an authentication mechanism that allows users to use a single set of login credentials to access multiple software applications or services.
Service Provider (SP)	Trusts the identity provider and authorizes the given user to access the requested resource.