iOS Device Group Management

Administrative Roles

This video segment shows how to add a user in SimpleMDM, add two-factor authentication, and integrate SimpleMDM with an identity provider app.

Keywords

  • Introduction
  • SimpleMDM
  • G Suite
  • iPhone
  • iPad
  • user
  • authentication
  • two-factor
  • integration
  • identity provider

About this video

Author(s)
Eric Butow
First online
20 December 2019
DOI
https://doi.org/10.1007/978-1-4842-4407-4_1
Online ISBN
978-1-4842-4407-4
Publisher
Apress
Copyright information
© Eric Butow 2019

Video Transcript

Ann MacPhail: In this first topic video, I’ll start by showing you how to add a user in SimpleMDM and add two-factor authentication. If your company uses or wants to use an identity provider app to provide a single sign-on for all your iPhone and iPad apps, this video will show you how to integrate SimpleMDM with an identity provider app. This video presumes that you’ve already configured your Apple iPhone and iPad network and have logged into SimpleMDM with your administrative account.

You should create a new administrative role to assign to another company employee in case that person is needed when you’re not available. Here’s how to add an administrator to your account. Click Settings in the menu. Now, click the Users menu option. Type the email address of the user you’d like to add. Select the appropriate user role. Now, click Invite User. SimpleMDM sends an invitation to the email address you entered. The recipient will have the option to create his own username and password to access your SimpleMDM account. After you’ve added an administrator account and any other user accounts with varying roles, you need to add two-factor authentication for all administrator accounts.

Two-factor authentication is a login method that adds a second step to identify who you are when you log in. The first factor you use in two-factor authentication is your password. The second factor you use is something that only you have. In the case of SimpleMDM, you use an authenticator app such as Google Authenticator on your iPhone or iPad. Here’s how to set it up. Click the user button in the top right area of the screen. Click User Settings. In the Security tab, you see the two-factor authentication section. Click Enable. Scan the barcode with your authenticator app of choice. For this example, I’m using Google Authenticator. When you’re done, click Continue. Now, enter the authenticator code from Google Authenticator into SimpleMDM and then click Enable. The next time you or another administrator who has activated two-factor authentication logs into SimpleMDM, the system asks for a six-digit authenticator number after entry of the username and password.

You may have selected, or company policy may require that you use, one suite of apps created by one company, so everyone who uses a company iPhone or iPad can share and view information easily. It’s cumbersome to set up user access for the app on every single iPhone and/or iPad that you manage. Fortunately, doing so is unnecessary thanks to Security Assertion Markup Language, which is better known by its acronym SAML. SAML is an open standard for sharing security information about identity, authentication and authorization across different systems. SAML provides a framework for implementing single sign-on, also called SSO.

SimpleMDM supports several different SAML apps including Okta, ADFS and OneLogin. You can find more information about using SimpleMDM with these SAML apps on the admin documentation web page that you can access at the bottom of the SimpleMDM website homepage. SimpleMDM also supports G Suite produced by Google, which is a popular app because G Suite not only includes a full suite of productivity apps such as a word processor, but also integrates with MDM systems using SAML, so large numbers of devices can use G Suite apps.

This video shows you how to set up SimpleMDM to use with G Suite. These instructions presume that you’re already signed into your SimpleMDM administrator account in one browser tab and that you’re logged into your G Suite administrator account in another tab. In the SimpleMDM webpage, click Settings in the menu and then click Users. Click the Settings tab. Scroll down the page, and then type a short name that is part of your SAML sign in URL in the short name box. The name must be at least four characters long. When you’re finished, click Save. The SimpleMDM information for the SAML app appears within the SimpleMDM information section.

Switch to the G Suite admin console browser tab. Click Apps, click SAML apps. Now click Add a service or app to your domain. In the next screen, click Setup my own custom app at the bottom of the webpage. The next webpage provides information about the G Suite SAML interface, as well as the SSO URL. Select this URL, copy it, switch to the SimpleMDM tab, and then paste the URL into the end point URL box. Switch back to the admin console tab. Underneath the certificate name, click Download.

After the G Suite certificate has been downloaded to your Windows or Mac computer, open the certificate with a text editor such as Notepad in Windows or Notes on your Mac. In the certificate file, select and copy the text between the Begin Certificate and the End Certificate text. Switch to your browser. Now open this SimpleMDM tab and then paste the text into the X.509 fingerprint or certificate box. Switch to the admin console tab. Click Next. Now G Suite asks how you want to identify the SimpleMDM app. In the Application name box, type SimpleMDM. G Suite allows you to write a description and add a logo for the app, but I’ll skip that, and click Next.

Switch to the SimpleMDM tab. Select and copy the text in the SAML Consumer URL box. Now switch to the admin console tab, paste the text into the ACS URL box. In the Entity ID box, type SimpleMDM. Switch to the SimpleMDM tab. Select and copy the text in the Sign in Portal URL box. Switch back to the admin console tab, paste the text into the Start URL box. Click Next and then click Finish. Click Okay. SimpleMDM is now enabled in G Suite for your network. Click Edit Service. Turn the service on for all your G Suite users by clicking On for Everyone, and then click Save. Switch to the SimpleMDM webpage, complete the remainder of the options in the user management settings page and click Save. Now when you switch to the G Suite browser tab, click Admin in the menu bar. Next, click Apps and then click SAML apps. SimpleMDM appears in the SAML apps list. If you don’t see the app, wait a minute or two for G Suite to add SimpleMDM to the list.
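
Added example, not part of the video or of SimpleMDM's or Google's tooling: a check that the certificate text pasted into the X.509 fingerprint or certificate box decodes to the same certificate that was downloaded, even after a text editor has re-wrapped it or changed line endings. The function names are this example's own, the sample bytes are constructed placeholders rather than a real certificate, and SHA-256 is an assumed default since the transcript does not say which hash the fingerprint field expects.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL)

def cert_der(text: str) -> bytes:
    """DER bytes from a full PEM file or from only the base64 body between the markers."""
    blocks = PEM_RE.findall(text)
    if len(blocks) > 1:
        raise ValueError("more than one certificate in input")
    body = blocks[0] if blocks else text
    # Editors may re-wrap lines or save CRLF endings; whitespace is not data.
    body = "".join(body.split())
    if not body:
        raise ValueError("no certificate data found")
    return base64.b64decode(body, validate=True)  # raises on stray characters

def fingerprint(der: bytes, algo: str = "sha256") -> str:
    """Colon-separated upper-case hex digest of the DER encoding."""
    digest = hashlib.new(algo, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def same_certificate(downloaded: str, pasted: str) -> bool:
    """True when both texts decode to byte-identical certificates."""
    return fingerprint(cert_der(downloaded)) == fingerprint(cert_der(pasted))

def constructed_pem(der: bytes, width: int = 64, newline: str = "\n") -> str:
    """Wrap bytes as PEM. Used only to build sample input for this example."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + width] for i in range(0, len(b64), width)]
    return newline.join(
        ["-----BEGIN CERTIFICATE-----", *lines, "-----END CERTIFICATE-----", ""])

if __name__ == "__main__":
    # Constructed placeholder bytes, not a real certificate.
    sample = bytes(range(200))
    downloaded = constructed_pem(sample)
    # Body only, re-wrapped with CRLF endings as a Windows editor might save it.
    pasted = "\r\n".join(constructed_pem(sample, width=76).splitlines()[1:-1])
    print(fingerprint(cert_der(downloaded)))
    print("match:", same_certificate(downloaded, pasted))
```

A paste that lost its last line still decodes as valid base64 in many cases, so comparing fingerprints catches a truncation that a visual check of the first few characters would miss.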