Enrolling DEP devices using SAML-based authentication

With the DEP customization changes in MaaS360®, you can now use the SAML-based authentication method to enroll DEP devices for iOS 13 or macOS 10.15 and later devices.

Before you begin

  • The device version must be at iOS 13 or macOS 10.15 and later.
  • From Setup > Settings > Directory and Enrollment > Basic Enrollment Settings, enable Corporate (SAML based) for Authentication Mode for Enrollment
  • In the DEP Profile, you must enable Authenticate User. If you want to customize the Acceptance Usage Policy that is displayed to the user during device boot up, you must enable the Corporate Usage Policy (Applying the Corporate Usage Policy to DEP devices) on the Advanced Enrollment Settings page and the DEP Profile page. You must assign the same DEP Profile to the device.
  • You must configure SAML server settings.

About this task

Follow these steps to enroll your DEP device in MaaS360 using the SAML-based authentication method:


  1. On your device, select the language preference and country or region.
  2. In the Quick Start wizard, click the Set up Manually option.
  3. Click Continue and connect to the wifi network.
  4. On the Remote Management screen, read about remote management and click Next.
  5. On the Authenticate screen, click Continue. You are redirected to single sign-on authentication.
  6. On the SAML authentication screen, sign in by entering your Username, Password, and click Sign in. If two-factor authentication is enabled in the SAML workflow, this screen is displayed and authentication is complete.
  7. Accept Terms that are listed in the Remote Management screen and click Continue.
  8. Accept Usage Policy and click Continue. The device might take some time to configure completely from MaaS360.


The DEP device enrollment based on SAML authentication is complete. The MaaS360 MDM profile is displayed on the user device at Device Management > General settings.