Access Cookbook Overview

In a cloud services environment, there are service providers (SP) such as Office 365, Salesforce, Workday and there is are identity providers (IDP) such as Box, Okta, Ping to name a few in each category. Generally, a service provider is federated with an identity provider for authentication. The user gets authenticated by the identity provider and obtains a SAML token for accessing applications in a cloud environment.

There is a trust establishment between SP and IDP via SAML2 Federation. The trust is formed after exchanging the SAML2 metadata between both providers. Once the trust is formed, the IDP issues digitally-signed assertions which the SP can then verify and allow the user to access the services. SAML provides single sign-on service for users accessing their services hosted in a cloud environment.

The cookbooks serve as a step-by-step configuration manual for users working with service providers and identity providers in a cloud environment.

Configuring a federated pair

Configuring a federated pair in MobileIron Access requires 5 steps:

Step 1: On the IDP Portal, create an application in the IDP and download the metadata and certificate. If the application already exists, download the metadata and certificate directly. For more information on individual cookbooks, see Cookbooks for Federated Pairs table below.

Step 2: On the SP Portal, create an IDP configuration in the SP and download the metadata. If the IDP configuration already exists, download the metadata directly. For more information on individual cookbooks, see Cookbooks for Federated Pairs table below.

Step 3: On the MobileIron Access portal, create a Federated Pair in Access and download the new proxy metadata generated in Access for SP and IdP. You must configure Access to select your service provider and the identity provider. You can apply the configuration settings for the service provider and the identity provider to create a federated pair.

  1. Log in to Access.

  2. Click Profiles > Get Started.

  3. Enter the Access host information and upload the ACCESS SSL certificate. The other fields retain the default values. Click Save.

  4. Click Profiles > Federated Pairs > Add.

  5. Select the appropriate service provider and complete the configuration.

  6. Click Next > select the appropriate identity provider and complete the configuration.

  7. Click Done. The new federated pair is created.

  8. On the Federation page, download the proxy metadata for SP and IDP.

Step 4: On the IDP portal, update the IdP with the new SP proxy metadata downloaded from Access.

Step 5: On the SP Portal, update the SP with the new IdP proxy metadata downloaded from Access.

Cookbooks

Cookbooks for Federated Pairs

Cookbooks for Service or Identity Providers

Box and Azure AD

Cookbook for Azure AD

Box and Ping Federate

Cookbook for Cisco Webex

Box and PingOne

Cookbook for G Suite

Concur and ADFS

Cookbook for Okta

DropBox and ADFS

Cookbook for OneLogin

DropBox and PingOne

Cookbook for Office 365

Facebook and G Suite

Cookbook for PingFederate

Facebook Workplace and Okta

Cookbook for Pulse Connect Secure

Facebook and PingOne

Cookbook for Microsoft ADFS

G Suite and Azure AD

Cookbook for Salesforce

G Suite and Okta

 

G Suite and OneLogin

 

G Suite and PingOne

 

G Suite and ADFS

 

Google Apps and Microsoft ADFS

 

Office 365 and Microsoft ADFS

 

Office 365 and Okta

 

Office 365 and PingFederate

 

Office 365 and SecureAuth

 

Office 365 and Shibboleth

 

PingFederate and Salesforce

 

ServiceNow and Microsoft ADFS

 

ServiceNow and Okta

 

ServiceNow and PingOne

 

Salesforce and ADFS

 

Salesforce and G Suite

 

Salesforce and Okta

 

Salesforce and OneLogin

 

Salesforce and Ping Federate

 

Salesforce and PingOne

 

Salesforce and SecureAuth

 

SuccessFactors and ADFS

 

SuccessFactors and Okta

 

Tableau and ADFS

 

Test SP and Test IDP

 

Webex and ADFS

 

Webex and Okta

 

Workday and ADFS