Integrate Active Directory(AD)

Overview

Most organizations use Active Directory to simplify user management, identity management and user authentication. Mobile Device Manager Plus integrates with your organization's Active Directory to help leverage its benefits.

Advantages of Directory Integration

Integrating AD with MDM

To integrate your organization's AD with MDM, navigate to Enrollment -> Directory Services. Now, click on Integrate/Add Domain and choose the directory type.

  1. If On-Premises AD is chosen, enter the following details and click on Add Domain to complete the integration.
  2. If Azure AD is chosen, click on Integrate and you'll be redirected to the Microsoft portal where you need to provide the Azure AD administrator credentials. Accept all the listed permissions to complete the integration.
  3. If G Suite is chosen, enter the following details and click on Save to complete the integration.
  4. NOTE: Self Enrollment and Groups Sync are currently not supported for G Suite.

  5. If Okta is chosen, enter the Org URL and Token Value by following the steps given below.

Once the domain is added, it will be listed on this page. Admins can also integrate multiple ADs with MDM. If you have integrated G Suite with MDM during Chromebook Enrollment, you can view the details in this page as well.

Sync with AD

Mobile Device Manager Plus syncs with the AD once every day to fetch the details. In case of On-Premises AD and G Suite directory, the complete data is synced whereas in other directories, only the modifications are noted and posted back to MDM.

The admin can initiate a manual sync with the directory services by clicking either on Sync all or Sync only modified. As the name suggests, clicking on Sync all will sync the complete directory again with MDM and Sync only modified syncs only the changes that were made after the previous sync.

Sync AD groups

After integration AD with MDM, you can also choose to sync the AD groups directly to MDM. With this, the admin can manage devices by associating profiles, distributing apps and documents directly to the AD groups.

Enable group sync by clicking on Enable groups sync under the Actions column. This will sync all the groups from the selected domain and these groups will be available in Groups and Devices in the Device Mgmt tab.

Similarly, the group sync can be disabled by clicking on Disable group sync. This will disable all the synced groups from MDM. The profiles, apps and documents will have to be removed manually by the users or the admin.

Remove AD

To remove an AD from MDM, you need to ensure that the user does not have any enrolled devices or any pending enrollment requests. Once this condition is met, click on Action and Delete to disassociate the AD from MDM.

Note: The users and groups will be listed on the MDM server even after disassociating the AD and need to be removed manually by the admin.

Copyright © 2021, ZOHO Corp. All Rights Reserved.
ManageEngine