OneLogin SAML Integration

SimpleMDM integrates with OneLogin using the Security Assertion Markup Language (SAML) standard. This guide will explain how to designate a OneLogin account as a trusted identity provider (IdP) for authenticating administrators of your SimpleMDM account.

As the OneLogin user interface may change, this guide has been written to provide a general process for getting up and running.

First, sign in to SimpleMDM and navigate to the SAML integration screen. This is currently under Settings > Users, on the "Settings" tab. This screen provides the information that OneLogin will require.
  1. Select the option in SimpleMDM to enable SAML.
  2. As a OneLogin admin, create a new app. Search for an option named "SAML Test Connector (IdP)".
  3. Navigate to the "Configuration" tab.
  4. Enter the "Audience" value from your SimpleMDM account as the "Audience" in OneLogin.
  5. Enter a regular expression that matches 
  6. Enter the "SAML Consumer URL" from your SimpleMDM account as the "ACS (Consumer) URL" in OneLogin.
  7. Enter a regular expression for the beginning of your SAML Consumer URL under "ACS (Consumer) URL Validator". If your SAML Consumer URL begins with "https://a.simplemdm.com/", then "^https:\/\/a\.simplemdm\.com\/" will suffice.
  8. Enter the "Single Logout URL" from your SimpleMDM account as the "Single Logout URL" in OneLogin.
  9. Navigate to the "SSO" tab.
  10. Locate the "SAML 2.0 Endpoint (HTTP)". Enter this value as the "Endpoint URL" in SimpleMDM.
  11. Locate the "X.509 Certificate" section. Click "View Details". Copy the SHA fingerprint and enter this value as the "X.509 fingerprint or certificate" in SimpleMDM.
  12. Complete the remainder of the options in SimpleMDM. 
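
Before saving the "ACS (Consumer) URL Validator" from step 7, it is worth checking which URLs a candidate pattern would accept. The following is an added example, not part of the original guide or of either vendor's code. It assumes unanchored "search" matching as in Python's `re` module, and the URL path and the `example.net` hosts are constructed placeholders.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: replace with the "SAML Consumer URL" from your SimpleMDM account.
ACS_URL = "https://a.simplemdm.com/example/consume"

def lookalikes(acs_url):
    """URLs that resemble acs_url but are a different origin, keyed by the
    pattern weakness that would let each one through."""
    parts = urlsplit(acs_url)
    host, path = parts.netloc, parts.path
    return {
        "unescaped dot": f"https://{host.replace('.', 'x', 1)}{path}",
        "no slash after host": f"https://{host}.example.net{path}",
        "no ^ anchor": f"https://example.net/?u={acs_url}",
        "scheme not pinned to https": f"http://{host}{path}",
    }

def audit_validator(pattern, acs_url=ACS_URL):
    """Return the problems found with a validator regex (empty list = pass).
    Assumes unanchored search semantics, which is why the leading ^ matters."""
    rx = re.compile(pattern)
    problems = []
    if not rx.search(acs_url):
        problems.append("does not match the real ACS URL")
    for weakness, url in lookalikes(acs_url).items():
        if rx.search(url):
            problems.append(f"{weakness}: accepts {url}")
    return problems

if __name__ == "__main__":
    candidates = [
        r"^https:\/\/a\.simplemdm\.com\/",   # pattern given in step 7
        r"^https://a.simplemdm.com/",        # dots left unescaped
        r"https:\/\/a\.simplemdm\.com",      # no anchor, no trailing slash
    ]
    for pattern in candidates:
        issues = audit_validator(pattern)
        print(pattern, "->", "OK" if not issues else issues)
```

An empty result means the pattern matched the real consumer URL and rejected every look-alike; each reported problem names the part of the pattern to tighten.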

Once this link has been established, you may need to assign users to the SimpleMDM app within OneLogin, depending upon your settings.
