Integrate Active Directory (AD)

Overview

Most organizations use Active Directory to simplify user management, identity management and user authentication. Mobile Device Manager Plus integrates with your organization's Active Directory to help leverage its benefits.

Advantages of AD Integration

Integrating AD with MDM

To integrate your organization's AD with MDM, navigate to Enrollment -> Active Directory. Follow the steps given below:

  1. Click on Add domain and choose the type of AD to integrate.
  2. If On-premises is chosen, enter the following details
  3. If Azure AD is chosen, enter the following details
  4. Click on Add domain to complete the integration.

Once the domain is added, it will be listed on this page. Admins can also integrate multiple ADs with MDM. If you have integrated G Suite with MDM, you can view the details on this page.

Sync with AD

Mobile Device Manager Plus syncs with the AD once every day to fetch the details. In the case of on-premises AD, the complete data is synced, whereas in the case of Azure AD only the modifications are noted and posted back to MDM.

The admin can initiate a manual sync with AD by clicking either on Sync all or Sync only modified. As the names suggest, clicking on 'Sync all' syncs the complete AD again with MDM, and 'Sync only modified' syncs only the changes that were made after the previous sync.

Sync AD groups

After integrating AD with MDM, you can also choose to sync the AD groups directly to MDM. With this, the admin can manage devices by associating profiles and distributing apps and documents directly to the AD groups.

Enable group sync by clicking on Enable groups sync under the Actions column. This will sync all the groups from the selected domain and these groups will be available in Groups and Devices in the Device Mgmt tab.

Similarly, the group sync can be disabled by clicking on Disable group sync. This will disable all the synced groups from MDM. The profiles, apps and documents will have to be removed manually by the users or the admin.

Remove AD

To remove an AD from MDM, you need to ensure that the user does not have any enrolled devices or any pending enrollment requests. Once this condition is met, click on Action and Delete to disassociate the AD from MDM.

Note: The users and groups will be listed on the MDM server even after disassociating the AD and need to be removed manually by the admin.

Copyright © 2019, ZOHO Corp. All Rights Reserved.
ManageEngine