Welcome
Installing and Configuring BigFix Mobile and MCM
Read this guide to learn about the requirements and available installation scenarios to ensure that the deployment of BigFix MCM and BigFix Mobile goes smoothly in your environment.
SAML-authentication configuration
MCM and BigFix Mobile supports Security Assertion Markup Language (SAML) authentication to enroll devices to protect sensitive data and ensure secure access to corporate resources.
Using PingFederate
This document explains how to configure SAML Authentication for MCM using PingFederate through the MCM WebUI.
Step 5. Download IDP_CERT.cert from PingFederate Server
This section explains how to download the IdP signing certificate (IDP_CERT.cert) from the PingFederate server. The certificate is used to verify digital signatures on authentication responses and establish a trusted connection between PingFederate and integrated applications or services.

BigFix Documentation Homepage
Modern Client Management and BigFix Mobile
Welcome to the Modern Client Management and BigFix Mobile documentation, where you can find information about how to install, maintain, and use Modern Client Management and BigFix Mobile.
BigFix Mobile and MCM Overview
Discover how BigFix Mobile and Modern Client Management (MCM) extend unified endpoint management to mobile devices and modern OS platforms like iOS, Android, and Windows 10+, all from a single console.
Guides in PDF format
This section contains links to PDF versions of all the MCM and BigFix Mobile manuals.
Installing and Configuring BigFix Mobile and MCM
Read this guide to learn about the requirements and available installation scenarios to ensure that the deployment of BigFix MCM and BigFix Mobile goes smoothly in your environment.
- MCM and BigFix Mobile server and components installation
  This guide provides instructions for installing the MCM and BigFix Mobile server along with its components, ensuring proper setup and configuration.
- Identity Service Configuration
  Configure identity services for BigFix Mobile and MCM to enable secure authentication and seamless user access. Learn how to integrate with identity providers and streamline user management across Apple, Android, and Windows devices.
- Simple Certificate Enrollment Protocol (SCEP) configuration
  BigFix MCM supports certificate management and certificate-based authentication through Simple Certificate Enrollment Protocol (SCEP). SCEP is the fastest and most secure way to provision certificates to all your MCM-managed devices. With SCEP, IT Admins can automate issuing certificates to the endpoints to provide access to corporate Wi-Fi, VPN, and secure e-mail through encryption.
- Domain join installation and configuration
  Read this section to learn the prerequisites and the tasks to install ODJ service to set up your environment to enroll Windows devices and join Active Directory domain or both Active Directory and Azure AD domain.
- SAML-authentication configuration
  MCM and BigFix Mobile supports Security Assertion Markup Language (SAML) authentication to enroll devices to protect sensitive data and ensure secure access to corporate resources.
  - Key terms
    Read this section to get familiarized with the terms used in SAML-authenticated enrollment.
  - Using Okta
  - Using PingFederate
    This document explains how to configure SAML Authentication for MCM using PingFederate through the MCM WebUI.
    - Step 1. Configure SAML from the MCM WebUI
      To configure SAML Authentication for MCM using PingFederate, follow these steps:
    - Step 2. Create saml_credentials.json
      Create a saml_credentials.json file with properties for SAML authentication.
    - Step 3. Get signOnUrl from PingFederate Server
      This section outlines the steps required to retrieve the SignOn URL from the PingFederate server.
    - Step 4. Get issuer from PingFederate Server
      This section describes how to obtain the Issuer value from the PingFederate server. The Issuer uniquely identifies the PingFederate instance in SAML or OIDC transactions and is required when configuring trust relationships and validating authentication responses between integrated systems.
    - Step 5. Download IDP_CERT.cert from PingFederate Server
      This section explains how to download the IdP signing certificate (IDP_CERT.cert) from the PingFederate server. The certificate is used to verify digital signatures on authentication responses and establish a trusted connection between PingFederate and integrated applications or services.
    - Step 6. Verification Steps
      This section outlines the steps to validate the integration and ensure the configuration is functioning correctly.
Quick Start
This quick start guide gets you up and running with your BigFix MCM and BigFix Mobile solution. It helps you secure, configure, and manage your mobile devices quickly and efficiently.
User Guide
Administrator Guide
Read this guide to learn about enrolling, administering, and troubleshooting endpoints through BigFix MCM and BigFix Mobile.
Glossary
This glossary provides terms and definitions for the BigFix software and products.

Step 5. Download IDP_CERT.cert from PingFederate Server

This section explains how to download the IdP signing certificate (IDP_CERT.cert) from the PingFederate server. The certificate is used to verify digital signatures on authentication responses and establish a trusted connection between PingFederate and integrated applications or services.

About this task

Login as PingFederate Administrator
- Access the PingFederate Admin Console (e.g., https://pingfederate.example.com:9999/pingfederate/app)
Navigate to Digital Signatures
- Go to Security → Signing & Decryption Keys & Certificates
- Or navigate to Server Configuration → Certificates
Locate the Signing Certificate
- Find the certificate used for SAML Signing
- This is typically under Signing Certificate in the IdP configuration
Export the Certificate
- Click on the certificate you want to export
- Click Export or Download
- Select X.509 Certificate (.cer or .crt format)
- Save the file (e.g., pingfederate.cer or pingfederate.crt)
Alternative Method - Download from Metadata
- Navigate to your IdP metadata URL
  - Example: https://pingfederate.example.com/pf/federation_metadata.ping
- Save the metadata XML file
- Extract the certificate from the <X509Certificate> tag within <KeyDescriptor use="signing">
- Create a file with the certificate in PEM format:
```
-----BEGIN CERTIFICATE-----
[Certificate content from XML]
-----END CERTIFICATE-----
```