Skip to main content

PingOne

This strategic approach seamlessly integrates PingOne capabilities with the 42Gears UEM Agent, maintaining the right balance between user convenience and enterprise security.

The integration begins by configuring PingOne as a SAML Identity Provider (IdP) to enable Shared Device Mode. This includes creating a custom SAML application in the PingOne Admin Console, setting authentication parameters, and managing user access through PingOne groups and role-based policies.

The setup then extends into the SureMDM and SureLock applications, creating a unified authentication experience that simplifies access while safeguarding shared device environments.

The integration process consists of three main steps:

  • Configure PingOne for SAML Integration

  • Configure Shared Device Mode in SureMDM

  • Configure SureLock Settings

Step 1: Configure PingOne for SAML Integration

  1. Log in to the Ping Identity Admin Console.

  2. Go to Applications and click Add Application.

  3. Enter the Application Name and Description.

  4. Select SAML Application > Manually Enter.

  • Enter the following details:

    • Entity ID:
      urn:42gears:suremdm:SAML2ServiceProvider

    • ACS (Consumer) Service:
      https://<Account_URL>/sharedsaml?id=<Account_ID>

note

In the above example, <Account_ID> & <Account_URL> represents your SureMDM account ID.

  1. Click Save, then go to Configuration.

  • Copy the following values:

    • Issuer ID

    • Single Sign-On Service

    • Single Logout Service

  • Download the certificate by clicking Download Signing Certificate.

  1. Navigate to Identities > Users.
  • Enable the required user(s).
  1. Go to Groups > Add Group.

  • Enter Group Name and Description.

  • Select the population as Administrators Population.

  • Click Save.

  1. Select the created GroupUsersEnable the Users.

  2. Navigate to Groups > Manage Groups.

  • Select the group and click Save.

Step 2: Configure Shared Device Mode in SureMDM

  1. Log in to the SureMDM Console.

  2. Navigate to Settings > Account Settings > Shared Device Mode.

  3. Set Authentication Type to SAML Authentication.

  4. Enter the respective values copied from PingOne:

    • Service Identifier = Issuer ID

    • Sign-On Service URL = Single Sign-On Service

    • Logout Service URL = Single Logout Service

  5. Upload the certificate downloaded in Step 5.

  6. Click Apply to save.

Step 3: Configure SureLock Settings

  1. In the SureMDM Console, go to the Jobs section.

  2. Click New Job > Android > SureLock Settings Job.

  3. Scroll to Shared Device Mode and enable it (disabled by default).

  4. Create a Profile in the Profile Management section.

note

The Profile Name should match the Display Name of the user in PingOne.

  1. Under User Authentication, click Server Configuration.

  2. Select Use Config from SureMDM Server and click Save.

  3. Push the SureLock Settings Job to the required devices.

alt text

On the device:

  • Launch SureLock and tap Launch.

  • Enter the Username and Password.

  • The user will be successfully logged into Shared Device Mode.

alt text