Step 4: Configure authentication method through WebUI

Read this topic to learn how to configure SAML as the authentication method through WebUI.

Before you begin

  • With MCM v3.0, Okta is tested and supported as an identity provider for SAML authentication.
  • If your identity provider is other than Okta, refer to your SAML IdP's official documentation for the Issuer and signOnURL information that you need to create the required .json file, and for how to download the certificate file.

About this task

To enable SAML-based enrollment authentication, complete the following steps in WebUI.

Procedure

  1. Log in to WebUI as an administrator.
  2. Select Apps > MCM.
  3. Click Admin > MDM Servers > Manage Capability.
  4. Select Identity Server Configuration.
  5. Select AD/Open LDAP or Azure AD as the ID service.
  6. Select Enable SAML.
  7. For SAML Credentials, upload the JSON file with issuer and signOnUrl information in the following format:
    {
      "issuer" : "http://www.okt.......ndV5d7",
      "signOnUrl" : "https://dev-12345............WIBUg5d7/aln7rix.....FK5d7"
    }
    Note: See Step 2: Create SAML credentials file for detailed information on how to create the .json file.
  8. For SAML Identity Provider Certificate, upload the okta.cert file that you have downloaded in Step 3: Download SAML Identity Provider certificates from Okta server.
  9. If you have selected AD/Open LDAP as the ID service, provide the following mandatory information:
    • LDAP URL: Valid format is https://<server>:<port>. For more information on LDAP URL formats, see https://ldap.com/ldap-urls/
    • LDAP Base DN: Valid format "dc=example,dc=org"
      Note: Configuring multiple Base DNs is not supported.
    • LDAP Bind User: The root point to bind to the server, for example DC=mydomain,DC=mycompany,DC=com or "user@example.org".
    • LDAP Bind Password: Enter a string.
    Note: With MCM v3.0, you do not have to configure LDAP at the time of installing MDM Server. You can configure this through the Manage Capability screen. This gives you the options to select your identity server and authentication method after installing MDM Server.
  10. If you have selected Azure AD as the ID service, for Azure Credentials, upload the .json file in the following format.
  11. Once all the mandatory information is provided, the Deploy button is enabled. Click Deploy.
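Before uploading the files from steps 7 to 9, it is worth checking them locally so that a malformed credentials file, a non-PEM certificate or a multi-valued Base DN is caught before Deploy. The following script is an added example and is not part of MCM or WebUI; the sample issuer, signOnUrl and certificate body are constructed placeholders, not real Okta values.

```python
import base64
import json
import re
from urllib.parse import urlparse

# Constructed sample inputs (placeholders, not real Okta values).
SAMPLE_CREDS = ('{"issuer": "http://www.okta.com/EXAMPLE_ISSUER_ID", '
                '"signOnUrl": "https://dev-12345.okta.com/app/EXAMPLE/sso/saml"}')
SAMPLE_CERT = ("-----BEGIN CERTIFICATE-----\n"
               + base64.b64encode(b"constructed-not-a-real-certificate").decode()
               + "\n-----END CERTIFICATE-----\n")

# A single DN: comma-separated attr=value pairs, e.g. dc=example,dc=org.
DN_RE = re.compile(r"[A-Za-z][A-Za-z0-9-]*=[^,=;]+(\s*,\s*[A-Za-z][A-Za-z0-9-]*=[^,=;]+)*")


def check_saml_credentials(text):
    """Return a list of problems with the SAML credentials JSON (empty list = acceptable)."""
    problems = []
    try:
        data = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc}"]
    if not isinstance(data, dict):
        return ["top-level value must be a JSON object"]
    # Both keys must be present, strings and non-empty; nothing else is expected.
    for key in ("issuer", "signOnUrl"):
        if not isinstance(data.get(key), str) or not data[key].strip():
            problems.append(f"missing or empty '{key}'")
    extra = sorted(set(data) - {"issuer", "signOnUrl"})
    if extra:
        problems.append(f"unexpected keys: {extra}")
    sso = data.get("signOnUrl")
    if isinstance(sso, str):
        parsed = urlparse(sso)
        # The sign-on URL is where users are redirected; insist on https.
        if parsed.scheme != "https" or not parsed.netloc:
            problems.append("signOnUrl must be an absolute https:// URL")
    return problems


def check_pem_certificate(text):
    """True if text is one PEM-wrapped certificate whose body is valid base64."""
    m = re.fullmatch(r"\s*-----BEGIN CERTIFICATE-----\n(.+?)\n-----END CERTIFICATE-----\s*",
                     text, re.S)
    if not m:
        return False
    try:
        base64.b64decode("".join(m.group(1).split()), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    return True


def check_base_dn(dn):
    """True for exactly one Base DN; multiple DNs are not supported by MCM."""
    return DN_RE.fullmatch(dn.strip()) is not None
```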

Results

SAML is configured as the authentication method along with the identity service that you have selected. Now, when a user opens the enrollment URL and clicks Enroll, the user is first authenticated via Okta before proceeding with the enrollment process.