Enterprise setups that run multiple business applications often face data security and app management issues. Company-wide security policies can ensure compliance, enhance security and provide digital convenience for employees.
Two security policies which offer comprehensive, yet flexible business and data security are Single Sign-On and Multi Factor Authentication.
Single Sign-On (SSO) is an advanced authentication control technique which simplifies the login process, allowing you access to multiple applications by logging in just once. Using an SSO identity provider for login management enhances app and data security, increases user productivity and lowers the dependency on the IT helpdesk.
Multi Factor Authentication (MFA) allows enterprises to add a layered authentication process by combining login credentials with independent identity elements. These independent identity elements come in the form of security tokens like One-Time-Passwords (OTP) or biometric verifications. It is an easy and effective method to prevent security breaches and consequent account takeover through password exploitation.
SureMDM, a Unified Endpoint Management (UEM) solution, empowers enterprises to use SSO options to provide Multi Factor Authentication. It supports integration with multiple SSO identity providers, including Microsoft ADFS, OneLogin and Okta. This results in an additional layer of security and centralized access control which eliminates the need for multiple login credentials.
Multi Factor Authentication (MFA) in SureMDM
Multi-Factor Authentication in SureMDM provides:
- An additional layer of authentication for enrolled device users.
- Assurance that only authorized users access corporate data.
- Secure access to corporate apps, data, and extended network resources.
- Portal users only have to enter one set of credentials to access web apps in the cloud.
- Policy-driven password security to implement more demanding password policies, such as required length, complexity and restrictions.
Configure SureMDM with Okta
Okta is a single sign-on solution provider that allows users to log into a variety of systems using one centralized process, and it is one of the validated SSO providers for SureMDM.
Configuring Okta as the SSO identity provider for SureMDM involves the following two steps:
- Changes on Okta Server and setting up of Multifactor Authentication in Okta
- Changes on SureMDM Server
Changes in Okta Server and setting up of Multifactor Authentication in Okta
1. Login to Okta Server and click Admin.
2. Click Add Applications.
3. Click Create New App.
4. Select SAML 2.0 and click Create.
5. Create a new app with name SureMDM.
6. Click Next and navigate to SAML Settings, enter the following details:
- Entity ID: urn:42gears:suremdm:SAML2ServiceProvider
- Single Sign-On URL: https://yourcustomDNS.com/console/ssoconsumer/yourmdmaccountID
Note: If you do not use custom DNS, the URL would be https://suremdm.42gears.com/console/ssoconsumer/yourmdmaccountID
7. Click Next
8. Select the first option and click Finish
9. Click View Setup Instructions
10. Download the certificate and copy SAML Metadata from View Setup instructions link.
11. On Okta Server, click Security > Multi Factor Authentication > Edit > SMS Authentication > Save.
12. Click Applications tab and select SureMDM.
13. In Sign On Policy prompt, click Add Rule.
14. Enter Rule Name and Conditions.
15. In Factor prompt, select the desired option and click Save.
Changes on SureMDM Server:
1. Log in to the SureMDM Web Console.
2. Go to Settings > Account Settings > Enable Single Sign-On and enter the following details from your metadata file:
- SSO type: Select Okta from SSO Type drop-down list.
- Service Identifier: This value is shown in the setup instructions tab as Identity provider issuer.
- Sign-On Service URL: This value is shown in the setup instructions tab as Identity provider Sign-On URL.
Example: https://42gears123.okta.com/app/42gears1_suremdm_1/exk2kuyba0rCTZQOC1t7/sso/saml
- Logout Service URL: Same as the Sign-On Service URL, but with sso changed to slo.
- Roles: Assign a Role based permission from the drop-down list.
- Device Group Set: Assign a Device Group Set based permission from the drop-down list.
- Jobs/Profiles Folder Set: Assign a Job Folder Set based permission from the drop-down list.
Learn how to create and customize admins’ permissions for enrolled devices based on Roles/Device Group Set/Jobs Folder Set.
3. Click Download Certificate to download the cer file and click Done.
4. Login to Okta, then use the below URL to login to MDM Server:
SureMDM’s integration with Multi Factor Authentication using Okta is now complete.
Note: You can also specify Login to SureMDM when you login to Okta.
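The three IdP values entered in step 2 can be read from the SAML metadata copied in step 10 instead of being retyped. The following is an added example, not 42Gears or Okta code: the function names are hypothetical, and the sample metadata (including its entityID) is constructed around the example URL above.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, urlunsplit

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"

# Constructed sample of IdP metadata (certificate block omitted, entityID made up).
SAMPLE_METADATA = """<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://www.okta.com/exk2kuyba0rCTZQOC1t7">
  <md:IDPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://42gears123.okta.com/app/42gears1_suremdm_1/exk2kuyba0rCTZQOC1t7/sso/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def logout_url_from(sign_on_url):
    """Change the 'sso' path segment to 'slo', leaving the host name untouched."""
    parts = urlsplit(sign_on_url)
    if parts.scheme != "https":
        raise ValueError("Sign-On Service URL must use https")
    segments = parts.path.split("/")
    if "sso" not in segments:
        raise ValueError("no 'sso' path segment in Sign-On Service URL")
    # Replace only the last whole segment, never a substring such as a tenant name.
    last = len(segments) - 1 - segments[::-1].index("sso")
    segments[last] = "slo"
    return urlunsplit(parts._replace(path="/".join(segments)))


def suremdm_sso_fields(metadata_xml):
    """Return the SureMDM SSO form values found in IdP metadata.

    Input is metadata from your own Okta tenant; use a hardened XML parser
    for metadata from an untrusted source.
    """
    root = ET.fromstring(metadata_xml)
    sso = root.find(f"{MD}IDPSSODescriptor/{MD}SingleSignOnService")
    if root.tag != MD + "EntityDescriptor" or sso is None:
        raise ValueError("not SAML 2.0 IdP metadata")
    sign_on = sso.get("Location", "")
    return {
        "Service Identifier": root.get("entityID"),
        "Sign-On Service URL": sign_on,
        "Logout Service URL": logout_url_from(sign_on),
    }
```

A plain text replacement of sso with slo would also rewrite a tenant host name that contains those letters, which is why the helper edits only the path segment.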
SureMDM also supports other SSO identity providers, such as Microsoft ADFS and OneLogin. Click here to get in touch with our team for more information.