SAML-authenticated enrollment flow
When you configure SAML as the authentication method, a user who opens the enrollment URL and clicks Enroll is first authenticated by the identity provider before proceeding with the enrollment process.
- Enrollment flow for a fresh login
- When a user visits the enrollment URL for the first time, before single sign-on authentication, the initial enrollment flow is as follows:
- On the enrollment page, when the user clicks Sign in, the user is redirected to the SAML service for login.
If Okta is configured as the SAML service, the user is redirected to the Okta Sign in page.
- The user is authenticated to the SAML service with the corporate identity service credentials. After the user logs in to the SAML service, the enrollment page appears.
- Provide the necessary information and click Enroll to begin the MDM enrollment process and access the corporate resources.
- Enrollment flow when the session times out
- When the logged-in session times out for a user, the enrollment flow is the same as that of a fresh login.
Note: By default, the session times out after 15 minutes.
- Enrollment flow when the user has already authenticated via SAML
- When the user has already logged in with SAML authentication, the user can continue to enroll without any further authentication, because SAML is the single sign-on (SSO) authentication that allows users to log in once and access multiple applications without entering credentials for each application.