OneLogin

This strategic approach seamlessly integrates OneLogin capabilities with the 42Gears UEM Agent, maintaining the right balance between user convenience and enterprise security.

The integration begins by configuring OneLogin as a SAML Identity Provider (IdP) to enable Shared Device Mode. This involves creating a custom SAML application in the OneLogin Admin portal, setting authentication parameters, and managing user access through roles and user assignments.

The setup then extends into the SureMDM and SureLock applications, creating a unified authentication experience that simplifies access while securing shared device environments.

The integration process consists of three main steps:

• Configure OneLogin for SAML Integration

• Configure Shared Device Mode in SureMDM

• Configure SureLock Settings

Step 1: Configure OneLogin for SAML Integration

1. Navigate to the OneLogin Portal and log in with your credentials.

2. Go to the Applications tab → Click Applications > Add App.

3. Search for SAML Custom Connector in the search bar.

   • Select SAML Custom Connector (Advanced).

   • Complete the required configuration changes, add a description, and click Save

4. Under the Configuration section, enter the following:

   • Audience (EntityID):
     urn:42gears:suremdm:SAML2ServiceProvider

   • ACS (Consumer) URL Validator and ACS (Consumer) URL:
     https://<Account_URL>/sharedsaml?id=<Account_ID>

     note

     <Account_URL> and <Account_ID> refer to your SureMDM account details.

   • The Single Logout URL and Login URL fields are optional. If you choose to use them, enter the same value as the ACS (Consumer) URL Validator. Otherwise, leave them blank.

5. Go to the SSO section.

   • Change SAML Signature Algorithm to SHA-256.

   • Click Save.

6. In the SSO section, under X.509 Certificate, click View Details.

   • On the new page, scroll down and download the X.509 PEM certificate.

7. Go to the Parameters section.

   • Set Credentials are to Configured by Admin.

   • Click Add to open the New Field pop-up.

   • Enter the Name and Value of the attribute.

   • Check Include in SAML assertion.

   • Click Save.

8. Return to the SSO section and copy the following values:

   • Issuer URL

   • SAML 2.0 Endpoint (HTTP)

   • SLO Endpoint (HTTP)

Step 2: Configure Shared Device Mode in SureMDM

1. Log in to the SureMDM Console.

2. Navigate to Settings > Account Settings > Shared Device Mode.

3. Set Authentication Type to SAML Authentication.

4. Enter the information captured in point 8 of Step 1:

   • Service Identifier = Issuer URL

   • Sign On Service URL = SAML 2.0 Endpoint (HTTP)

   • Logout Service URL = SLO Endpoint (HTTP)

5. Upload the certificate downloaded in Step 6.

6. Click Apply to save the changes.

Step 3: Configure SureLock Settings

1. In the SureMDM Console, navigate to the Jobs section.

2. Click New Job > Android > SureLock Settings Job.

3. Scroll to Shared Device Mode and enable it.

4. Create a Profile under the Profile Management section.

   note

   The Profile Name must match the Meta Tag used in the OneLogin portal.

5. Under User Authentication, click Server Configuration.

6. Select Use Config from SureMDM Server and click Save.

7. Push the SureLock Settings Job to the required devices.

   

On the device:

• Launch SureLock and tap Launch on the shared device mode login screen.

• Enter your Username and Password.

• You will be successfully logged into Shared Device Mode using OneLogin.