How to set up a SAML configuration?
A. Create the SAML configuration 
Prerequisite: be a TinyMDM account administrator and own a domain name.
- Connect to your TinyMDM account and open the My account tab.
- Then click on SAML Configuration.

- On the page that opens, click on Create a SAML configuration.

- Next, fill in your Domain Name. The remaining details (Entity ID, SSO URL, and Certificate) must be retrieved directly from your SAML provider.
For example, for Google Workspace, you can find this information here. For Okta, you can find this information here.

- Once all the information has been entered, click Confirm. Your SAML configuration will then appear on TinyMDM.
- You must then return to your SAML provider’s website and enter the information displayed in your TinyMDM SAML configuration to confirm the setup.

- Once the SAML configuration is complete, you can log in to your TinyMDM account by clicking on Unique authentication (SSO) without entering a password.

B. Invite another TinyMDM account administrator to your SAML configuration 
- Connect to your TinyMDM account and open the My account tab.
- Click on SAML Configuration to open the existing configuration.

- Click on Invite a new account.

- Enter the email address of the TinyMDM account you wish to add to your SAML configuration, then click Send invitation.
Important: only existing TinyMDM accounts can be invited. If the TinyMDM account has not been created yet, the administrator must create it beforehand.

- The invited TinyMDM account administrator will then receive an email containing a login link. By clicking the link, they will be directed to the TinyMDM login page and must enter their usual username and password. Once logged into their TinyMDM account as an administrator, they must click on Accept Invitation to the SAML configuration.

- By accepting, they will be able to see the SAML configuration, as well as the account owner of the configuration and the associated user accounts.
- The next time they log in, they will be able to access their TinyMDM account via SSO authentication, without entering a password.

C. Configure the SAML connection for TinyMDM managers
Prerequisites:
- To create a manager who will log in via the SAML configuration, you must be a member of the SAML configuration, either as the owner or as a user.
- To create a manager who will log in via the SAML configuration, their email address must use the same domain name as the one defined in the SAML configuration.
- Log in to your TinyMDM admin console and go to the Managers and Structure tab.
- If the manager already exists in the TinyMDM account, follow Step 1 below. If they have not been created yet, follow Step 2 below.
1. Existing manager
- On the manager’s file, click the menu in the top-right corner and select SAML invitation.

- The manager will then receive an email containing an invitation link. They must click the link and select Accept Invitation.

- The next time they log in, the manager will be able to access their TinyMDM account by clicking on Unique authentication (SSO).

2. Non-existing manager
- If you want to configure the SAML connection for an administrator who has not yet been created, you must click Add a manager.
- Select the SAML connection method for this administrator.
- You must fill in the Manager’s email field, as well as the Description and Manager group fields if necessary.
- By default, the checkbox “Send an invitation email to the manager when submission is completed” is selected. This can be deselected if needed, and the email can be sent later.

- Then click Next step. The administrator permissions page opens.
- Check the box next to each action that the manager will be able to perform when logging into the administration console. All checked actions are considered permitted; all unchecked actions are prohibited. Note that you can select or deselect all permissions at once by clicking the icon.
- Then click Create the manager at the bottom of the page.

Managers will be able to access their TinyMDM account by clicking on Unique authentication (SSO).
