EMM Security with Multi-Factor Authentication and Single Sign-On

Enterprise setups that use multiple business applications often face data security and app management issues. Company-wide security policies can ensure compliance, enhance security and provide digital convenience for employees.

Two security policies that offer comprehensive yet flexible business and data security are Single Sign-On and Multi Factor Authentication.

Single Sign-On (SSO) is an advanced authentication control technique that simplifies the login process, allowing you to access multiple applications by logging in just once. Using an SSO identity provider for login management enhances app and data security, increases user productivity and lowers the dependency on the IT helpdesk.

Multi Factor Authentication (MFA) allows enterprises to add a layered authentication process by combining login credentials with independent identity elements. These independent identity elements come in the form of security tokens like One-Time Passwords (OTP) or biometric verification. It is an easy and effective method to prevent security breaches and the consequent account takeover through password exploitation.

SureMDM, a Unified Endpoint Management (UEM) solution, lets enterprises use SSO options to provide Multi Factor Authentication. It supports integration with multiple SSO identity providers, including Microsoft ADFS, OneLogin and Okta. This results in an additional layer of security and centralized access control, which eliminates the need for multiple login credentials.

Multi Factor Authentication (MFA) in SureMDM

Multi-Factor Authentication in SureMDM provides:

  • An additional layer of authentication for enrolled device users.
  • Assurance that only authorized users access corporate data.
  • Secure access to corporate apps, data, and extended network resources.
  • A single set of credentials for portal users to access web apps in the cloud.
  • Policy-driven password security to implement more demanding password policies, such as required length, complexity and restrictions.

Configure SureMDM with Okta

Okta is a single sign-on solution provider that allows users to log in to a variety of systems using one centralized process, and it is one of the SSO providers validated with SureMDM.

Configuring Okta as the SSO identity provider for SureMDM involves the following two steps:

  • Changes on Okta Server and setting up of Multifactor Authentication in Okta
  • Changes on SureMDM Server

Changes in Okta Server and setting up of Multifactor Authentication in Okta

1. Log in to Okta Server and click Admin.


2. Click Add Applications.


3. Click Create New App.


4. Select SAML 2.0 and click Create.


5. Create a new app with name SureMDM.


6. Click Next and navigate to SAML Settings, enter the following details:


  • Entity ID: urn:42gears:suremdm:SAML2ServiceProvider
  • Single Sign-On URL: https://yourcustomDNS.com/console/ssoconsumer/yourmdmaccountID

Note: If you do not use custom DNS, the URL would be https://suremdm.42gears.com/console/ssoconsumer/yourmdmaccountID

7. Click Next


8. Select the first option and click Finish


9. Click View Setup Instructions


10. Download the certificate and copy the SAML Metadata from the View Setup Instructions link.

11. On Okta Server, click Security > Multi Factor Authentication > Edit > SMS Authentication > Save.


12. Click Applications tab and select SureMDM.


13. In Sign On Policy prompt, click Add Rule.


14. Enter Rule Name and Conditions.


15. In Factor prompt, select the desired option and click Save.

Changes on SureMDM Server:

1. Log in to SureMDM Web Console.

2. Go to Settings > Account Settings > Enable Single Sign-On and enter the following details from your metadata file:

  • SSO type: Select Okta from SSO Type drop-down list.
  • Service Identifier: This value is shown in the setup instructions tab as Identity Provider Issuer.

Example: http://www.okta.com/exk2kuyba0rCTZQOC1t7

  • Sign-On Service URL: This value is shown in the setup instructions tab as Identity Provider Sign-On URL.

Example: https://42gears123.okta.com/app/42gears1_suremdm_1/exk2kuyba0rCTZQOC1t7/sso/saml

  • Logout Service URL: Same as the Sign-On URL, but with sso changed to slo.

Example: https://42gears123.okta.com/app/42gears1_suremdm_1/exk2kuyba0rCTZQOC1t7/slo/saml

  • Roles: Assign a role-based permission from the drop-down list.
  • Device Group Set: Assign a Device Group Set-based permission from the drop-down list.
  • Jobs/Profiles Folder Set: Assign a Job Folder Set-based permission from the drop-down list.

Learn how to create and customize admins’ permissions for enrolled devices based on Roles/Device Group Set/Jobs Folder Set.


3. Click Upload Certificate to upload the .cer file downloaded in Step 10 of Changes in Okta Server and setting up of Multifactor Authentication in Okta.

4. Log in to Okta and select the App name SureMDM.

or

Use this URL: https://yourcustomeDNS/console/ssologin/yourmdmaccountID

SureMDM’s integration with Multi Factor Authentication using Okta is now complete.
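A pre-flight check for the values entered on the SureMDM server, as an added example that is not code from 42Gears or Okta: it reads the SAML metadata copied in Step 10, extracts the Service Identifier and Sign-On Service URL, derives the Logout Service URL by the sso-to-slo rule, and confirms that the downloaded .cer file is the same certificate the metadata carries. The function names, `example.okta.com`, `exampleAppId` and the placeholder certificate bytes are assumptions made for the example.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: placeholder bytes stand in for the DER certificate,
# and example.okta.com / exampleAppId are made-up values.
SAMPLE_DER = b"constructed-placeholder-not-a-real-certificate"
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}"
    xmlns:ds="{NS['ds']}" entityID="http://www.okta.com/exampleAppId">
  <md:IDPSSODescriptor>
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{base64.b64encode(SAMPLE_DER).decode()}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://example.okta.com/app/example_suremdm_1/exampleAppId/sso/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def idp_settings(metadata_xml):
    """Extract the values the SureMDM SSO form asks for from IdP metadata."""
    if "<!DOCTYPE" in metadata_xml or "<!ENTITY" in metadata_xml:
        raise ValueError("refusing metadata that carries a DTD")
    root = ET.fromstring(metadata_xml)
    sso = root.find("md:IDPSSODescriptor/md:SingleSignOnService", NS)
    cert = root.find(".//ds:X509Certificate", NS)
    if not root.get("entityID") or sso is None or cert is None or not cert.text:
        raise ValueError("metadata lacks issuer, sign-on URL or certificate")
    url = sso.get("Location", "")
    # The page's example URL ends in /sso/saml; anything else needs a manual look.
    if not (url.startswith("https://") and url.endswith("/sso/saml")):
        raise ValueError("unexpected sign-on URL: " + url)
    der = base64.b64decode("".join(cert.text.split()))
    return {"service_identifier": root.get("entityID"),
            "sign_on_url": url,
            "logout_url": url[:-len("/sso/saml")] + "/slo/saml",
            "cert_sha256": hashlib.sha256(der).hexdigest()}


def cer_sha256(cer_bytes):
    """SHA-256 of the downloaded .cer file, whether PEM or raw DER."""
    if cer_bytes.lstrip().startswith(b"-----BEGIN"):
        body = b"".join(l.strip() for l in cer_bytes.splitlines() if b"-----" not in l)
        cer_bytes = base64.b64decode(body)
    return hashlib.sha256(cer_bytes).hexdigest()
```

If `cer_sha256()` of the file being uploaded differs from `cert_sha256` in the metadata, the certificate and the metadata come from different app instances or different signing keys, and the upload should wait until that is resolved.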

Note: You can also specify Login to SureMDM when you log in to Okta.

SureMDM also supports other SSO identity providers, such as Microsoft ADFS and OneLogin. Click here to get in touch with our team for more information.
