Welcome
Installing and Configuring BigFix Mobile and MCM
Read this guide to learn about the requirements and available installation scenarios to ensure that the deployment of BigFix MCM and BigFix Mobile goes smoothly in your environment.
SAML-authentication configuration
MCM and BigFix Mobile supports Security Assertion Markup Language (SAML) authentication to enroll devices to protect sensitive data and ensure secure access to corporate resources.
Using PingFederate
This document explains how to configure SAML Authentication for MCM using PingFederate through the MCM WebUI.
Step 1. Configure SAML from the MCM WebUI
To configure SAML Authentication for MCM using PingFederate, follow these steps:

BigFix Documentation Homepage
Modern Client Management and BigFix Mobile
Welcome to the Modern Client Management and BigFix Mobile documentation, where you can find information about how to install, maintain, and use Modern Client Management and BigFix Mobile.
BigFix Mobile and MCM Overview
Discover how BigFix Mobile and Modern Client Management (MCM) extend unified endpoint management to mobile devices and modern OS platforms like iOS, Android, and Windows 10+, all from a single console.
Guides in PDF format
This section contains links to PDF versions of all the MCM and BigFix Mobile manuals.
Installing and Configuring BigFix Mobile and MCM
Read this guide to learn about the requirements and available installation scenarios to ensure that the deployment of BigFix MCM and BigFix Mobile goes smoothly in your environment.
- MCM and BigFix Mobile server and components installation
  This guide provides instructions for installing the MCM and BigFix Mobile server along with its components, ensuring proper setup and configuration.
- Identity Service Configuration
  Configure identity services for BigFix Mobile and MCM to enable secure authentication and seamless user access. Learn how to integrate with identity providers and streamline user management across Apple, Android, and Windows devices.
- Simple Certificate Enrollment Protocol (SCEP) configuration
  BigFix MCM supports certificate management and certificate-based authentication through Simple Certificate Enrollment Protocol (SCEP). SCEP is the fastest and most secure way to provision certificates to all your MCM-managed devices. With SCEP, IT Admins can automate issuing certificates to the endpoints to provide access to corporate Wi-Fi, VPN, and secure e-mail through encryption.
- Domain join installation and configuration
  Read this section to learn the prerequisites and the tasks to install ODJ service to set up your environment to enroll Windows devices and join Active Directory domain or both Active Directory and Azure AD domain.
- SAML-authentication configuration
  MCM and BigFix Mobile supports Security Assertion Markup Language (SAML) authentication to enroll devices to protect sensitive data and ensure secure access to corporate resources.
  - Key terms
    Read this section to get familiarized with the terms used in SAML-authenticated enrollment.
  - Using Okta
  - Using PingFederate
    This document explains how to configure SAML Authentication for MCM using PingFederate through the MCM WebUI.
    - Step 1. Configure SAML from the MCM WebUI
      To configure SAML Authentication for MCM using PingFederate, follow these steps:
    - Step 2. Create saml_credentials.json
      Create a saml_credentials.json file with properties for SAML authentication.
    - Step 3. Get signOnUrl from PingFederate Server
      This section outlines the steps required to retrieve the SignOn URL from the PingFederate server.
    - Step 4. Get issuer from PingFederate Server
      This section describes how to obtain the Issuer value from the PingFederate server. The Issuer uniquely identifies the PingFederate instance in SAML or OIDC transactions and is required when configuring trust relationships and validating authentication responses between integrated systems.
    - Step 5. Download IDP_CERT.cert from PingFederate Server
      This section explains how to download the IdP signing certificate (IDP_CERT.cert) from the PingFederate server. The certificate is used to verify digital signatures on authentication responses and establish a trusted connection between PingFederate and integrated applications or services.
    - Step 6. Verification Steps
      This section outlines the steps to validate the integration and ensure the configuration is functioning correctly.
Quick Start
This quick start guide gets you up and running with your BigFix MCM and BigFix Mobile solution. It helps you secure, configure, and manage your mobile devices quickly and efficiently.
User Guide
Administrator Guide
Read this guide to learn about enrolling, administering, and troubleshooting endpoints through BigFix MCM and BigFix Mobile.
Glossary
This glossary provides terms and definitions for the BigFix software and products.

Step 1. Configure SAML from the MCM WebUI

To configure SAML Authentication for MCM using PingFederate, follow these steps:

About this task

Procedure

Navigate to the WebUI:
1. Go to Admin → MDM Servers → Manage Capability
2. Enable Identity Service Configuration and select the option PingDirectory
Fill in the required fields:
- Enable SAML: Check this box to enable SAML authentication.
- SAML Credentials (Upload): Upload the saml_credentials.json file containing the issuer and signOnUrl values.
- SAML Identity Provider Certificate (Upload): Upload the IDP_CERT.cert file downloaded from PingFederate.
- LDAP URL*: Provide the LDAP server URL in the format ldaps://<server>:<port>.
  - Example: ldaps://ldap.bigfix.com:636
- LDAP Base DN*: Specify the base distinguished name (DN) for LDAP queries.
  - Example: dc=bigfix,dc=com
- LDAP Bind User*: Enter the LDAP bind user in one of the following formats:
  - nwuser@bigfix.local
  - cn=admin,dc=bigfix,dc=com
- LDAP Bind Password*: Provide the password for the LDAP bind user.
Save the Configuration:
- Click Save to apply the settings.