
Integrate Azure Active Directory(AD) with MDM On-Premise

Azure AD has fast become the preferred directory service for organizations, especially as more of them move to the cloud. With that in mind, you can integrate your organization's Azure AD with MDM to configure policies based on AD users and/or groups. You need an Azure account with global administrator privileges to integrate Azure AD with MDM Cloud.

Integration Procedure

You need to follow the steps below to integrate your Azure AD with MDM On-Premise:

  • On the MDM console, navigate to Enrollment > Directory Services.
  • Click on Add Domain and select Azure AD.
  • Click on Integrate.
  • In the case of MDM On-Premises, if OAuth is not configured, you will get an error message saying "OAuth App details are not yet configured".
  • Click here to configure OAuth. You will be prompted to enter the Client ID and Client Secret (see "How to obtain Client ID and Client Secret" below).
    Note: For MDM Cloud, OAuth app configuration is not required.
  • Once you have entered the Client ID and Client Secret, click on Integrate. You will be redirected to the Azure login page.
  • After logging into the Azure portal, a consent screen will be displayed. Click on Accept to complete the Azure integration.
  • Once the integration is successful, you will be redirected back to the MDM server. You can then use the AD credentials for user authentication during enrollment, for creating AD user groups, etc.

How to obtain Client ID and Client Secret

  1. Log in to the Azure portal, navigate to App registrations and click on New registration.
  2. Provide a name for the Azure OAuth app.
  3. Select Multitenant under Supported account types.
  4. Select Web as the Redirect URI type, copy the Redirect URI from the MDM console and enter it here.
  5. Click on Register.
  6. Once you have registered the Azure OAuth app, copy the Client ID and paste it on the MDM server.
  7. Click on Add a certificate or secret and click New client secret.
  8. Enter a description and set the client secret expiry duration.
  9. Copy the value of the Client Secret and paste it back on the MDM server.
  10. OAuth is now successfully configured on the MDM server.

How to configure 'login_hint'

The login_hint optional claim is used to offer a seamless single sign-out experience for users logging in via OAuth. It is a best practice from both a security and a user-experience perspective. If you are allowing users to log in to the MDM console using Azure credentials, it is recommended to configure 'login_hint'. To configure 'login_hint', follow the steps below:

  1. Log in to the Azure portal, navigate to App registrations and choose the Azure OAuth app created for the MDM integration.
  2. Click on Token configuration.
  3. Click on Add optional claim and select ID.
  4. Select login_hint and click on Add.