
SSO / SAML Authentication

Configure Single Sign-On with your organization's identity provider for secure, centralized access to Et'al MDM.

Et'al MDM supports SAML 2.0 Single Sign-On across all plans, allowing your team to authenticate using your organization's existing identity provider.

Supported Identity Providers

Et'al MDM works with any SAML 2.0 compliant identity provider, including:

  • Okta
  • Microsoft Azure AD (Entra ID)
  • Google Workspace
  • OneLogin
  • JumpCloud
  • Ping Identity
  • Any SAML 2.0 IdP

How It Works

  1. Your team visits etalmdm.com/login and selects the SSO (SAML) tab
  2. They enter their work email (e.g., jane@yourcompany.com)
  3. Et'al MDM detects the email domain and redirects to your identity provider
  4. The user authenticates with their corporate credentials (password, MFA, etc.)
  5. Your IdP redirects back to Et'al MDM with a verified identity
  6. The user is signed in — no separate password needed

Setting Up SSO for Your Organization

To configure SSO, your IT administrator needs to create a SAML 2.0 application in your identity provider using the following values:

Et'al MDM SAML Configuration

Field | Value
Entity ID / Metadata URL | https://api.etalmdm.com/auth/v1/sso/saml/metadata
ACS URL (Assertion Consumer Service) | https://api.etalmdm.com/auth/v1/sso/saml/acs
NameID Format | emailAddress or persistent
Sign-on URL | https://etalmdm.com/login

You can download our SAML metadata XML directly: Download Metadata

Required SAML Attributes

Your identity provider must include the user's email address in the SAML assertion. Et'al MDM checks these attribute names in order:

  1. urn:oid:0.9.2342.19200300.100.1.3
  2. http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
  3. mail
  4. email

Most identity providers include email by default. If authentication fails, verify this attribute is mapped.
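
A pre-flight check an IdP administrator can run on a decoded SAML Response captured from their own test login, to confirm the mapping before contacting support. This is an added example, not Et'al MDM's code: the function name preflight and the sample response are constructed, and it assumes the service expects the Destination and Audience to equal the ACS URL and Entity ID listed above.

```python
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Service-provider values from the configuration table on this page.
ACS_URL = "https://api.etalmdm.com/auth/v1/sso/saml/acs"
ENTITY_ID = "https://api.etalmdm.com/auth/v1/sso/saml/metadata"
NAMEID_SUFFIXES = ("nameid-format:emailAddress", "nameid-format:persistent")
# Email attribute names, in the order the page says they are checked.
EMAIL_ATTRS = ("urn:oid:0.9.2342.19200300.100.1.3",
               "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
               "mail", "email")

def preflight(response_xml):
    """Return (email, problems) for a decoded SAML Response. Checks mapping only:
    it does NOT verify the XML signature, so never use it to authenticate anyone."""
    root = ET.fromstring(response_xml)
    problems = []
    if root.get("Destination") != ACS_URL:
        problems.append("Destination does not match the ACS URL")
    audiences = [(e.text or "").strip() for e in root.iterfind(".//a:Audience", NS)]
    if ENTITY_ID not in audiences:
        problems.append("Audience does not contain the Entity ID")
    name_id = root.find(".//a:Subject/a:NameID", NS)
    if name_id is None or not (name_id.get("Format") or "").endswith(NAMEID_SUFFIXES):
        problems.append("NameID Format is not emailAddress or persistent")
    values = {}
    for attr in root.iterfind(".//a:AttributeStatement/a:Attribute", NS):
        value = attr.findtext("a:AttributeValue", default="", namespaces=NS).strip()
        if value:
            values.setdefault(attr.get("Name"), value)  # keep first non-empty value
    email = next((values[n] for n in EMAIL_ATTRS if n in values), None)
    if email is None:
        problems.append("no email attribute under any accepted name")
    return email, problems

# Constructed sample (not a real IdP response): email is sent only as "mail".
SAMPLE = f"""<samlp:Response xmlns:samlp="{NS['p']}" xmlns:saml="{NS['a']}"
  Destination="{ACS_URL}"><saml:Assertion><saml:Subject><saml:NameID
  Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
  >jane@yourcompany.com</saml:NameID></saml:Subject><saml:Conditions>
  <saml:AudienceRestriction><saml:Audience>{ENTITY_ID}</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement>
  <saml:Attribute Name="mail"><saml:AttributeValue>jane@yourcompany.com</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="givenName"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement></saml:Assertion></samlp:Response>"""

if __name__ == "__main__":
    print(preflight(SAMPLE))
```

An empty problems list means the response carries the values this page asks for; it says nothing about whether the assertion is validly signed.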

Optional Attributes

For a richer user profile, you can also map:

Attribute | Purpose
givenName or first_name | User's first name
sn or last_name | User's last name
displayName | Full display name

Setup Guides by Provider

Okta

  1. In Okta Admin Console, go to Applications → Create App Integration
  2. Select SAML 2.0 and click Next
  3. Configure:
    • Single sign-on URL: https://api.etalmdm.com/auth/v1/sso/saml/acs
    • Audience URI (SP Entity ID): https://api.etalmdm.com/auth/v1/sso/saml/metadata
    • Name ID format: EmailAddress
  4. Add attribute statements for email, firstName, lastName
  5. Assign the app to the appropriate users/groups
  6. Copy the Metadata URL from the app's Sign On tab
  7. Send the Metadata URL to Et'al MDM support to complete the connection

Microsoft Azure AD (Entra ID)

  1. In Azure Portal, go to Enterprise Applications → New Application
  2. Click Create your own application → name it "Et'al MDM"
  3. Go to Single sign-on → SAML
  4. In Basic SAML Configuration:
    • Identifier (Entity ID): https://api.etalmdm.com/auth/v1/sso/saml/metadata
    • Reply URL (ACS URL): https://api.etalmdm.com/auth/v1/sso/saml/acs
  5. In Attributes & Claims, ensure emailaddress is mapped
  6. Assign users/groups to the application
  7. Copy the App Federation Metadata URL from the SAML Signing Certificate section
  8. Send the Metadata URL to Et'al MDM support to complete the connection

Google Workspace

  1. In Google Admin Console, go to Apps → Web and mobile apps → Add app → Add custom SAML app
  2. Name it "Et'al MDM" and click Continue
  3. Copy the SSO URL and Certificate (or download the metadata)
  4. Configure the Service Provider:
    • ACS URL: https://api.etalmdm.com/auth/v1/sso/saml/acs
    • Entity ID: https://api.etalmdm.com/auth/v1/sso/saml/metadata
    • Name ID format: EMAIL
  5. Map attributes: email → Primary email
  6. Enable the app for the appropriate organizational units
  7. Send the metadata to Et'al MDM support to complete the connection

Completing the Setup

After configuring your identity provider:

  1. Send your IdP Metadata URL (preferred) or Metadata XML file to support@etalmdm.com
  2. Include the email domain(s) to associate (e.g., yourcompany.com)
  3. We'll register the connection and confirm within 24 hours
  4. Test by logging in at etalmdm.com/login → SSO (SAML) tab

Important: SSO users and password users with the same email address are treated as separate accounts. If your organization uses SSO, we recommend all users sign in via SSO exclusively.

Frequently Asked Questions

Is SSO available on all plans?

Yes. SSO / SAML authentication is included on Base, Pro, and Enterprise plans at no additional cost.

Can I use SSO and password login together?

Yes, but each method creates a separate account. We recommend choosing one method per organization to avoid confusion.

What happens if our IdP is down?

Users who normally sign in via SSO will not be able to authenticate until the IdP is restored. We recommend your IdP admin maintains high availability for the SAML endpoint.

Can we use IdP-initiated login?

For security reasons, we recommend SP-initiated login (starting from our login page). If your IdP supports bookmark apps, create one that points to https://etalmdm.com/login for one-click access.

How do certificate rotations work?

If you provided a Metadata URL (recommended), certificate rotations are handled automatically. If you provided a static XML file, contact support@etalmdm.com when your IdP rotates certificates.