Enable Active Directory and Single Sign-On using SureMDM

For more than two decades, businesses have relied on Active Directory (AD) to manage user access privileges and apply security policies on endpoint devices such as laptops and desktops that run Windows-based operating systems.

IT admins typically use AD Security Groups to group users and enforce security policies when those users access the enterprise network via desktops, laptops, and servers. But today’s enterprises no longer operate only through stationary workstations. Smart handhelds such as tablets, smartphones, and phablets have radically changed the user endpoint space. The impact comes not only from the form factor but also from the operating system and underlying architecture. This has left businesses with no option but to adopt new technologies to achieve unified endpoint management. This is where Enterprise Mobility Management (EMM) comes in.

The 42Gears EMM suite, SureMDM, integrates with AD and provides a Single Sign-On (SSO) facility. AD authentication with SureMDM helps IT admins enroll users in one go, while SSO lets users log in to all enterprise apps with a common corporate credential.

AD authentication follows two steps: Device Side Validation and Server Side Validation.

Let us have a quick look at the AD authentication steps:

 

Device Side Validation:

1. Log in to the SureMDM Web Console using Super User credentials

2. Click on the dropdown menu in the top right corner and select Account settings

3. Select the Device Enrollment Rules tab and, from the Device Authentication Type drop-down menu, select OAuth Authentication (Android/iOS Only)

4. Take the Auth Endpoint and Token Endpoint details from the AD server and enter the values in the corresponding fields. Choose OAuth Client Id (System Generated) as the Client Id

5. Use the system-generated Client ID in the script that you need to run at the server end to add the user.

To add a new Client ID, follow the steps below:

1. Log in to the server where Active Directory (AD) is configured

2. Open Windows PowerShell

3. Run the following command in Windows PowerShell to add a new client:

Add-AdfsClient -Name "OAUTH2 SureMDM Nix Client8" -ClientId "39F803D4-B2E7-4D65-8CBA-03734FA3AFC7-suremdm-nix-oauth" -RedirectUri "com.nix.ad.appauth:/oauth2callback"

Values to be entered for the above command: the Name “OAUTH2 SureMDM Nix Client8” should be unique, so you can change it to “OAUTH2 SureMDM Nix Client2”, “OAUTH2 SureMDM Nix Client3”, etc. if required.
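The registration step above can be made repeatable and checked afterwards. The script below is an added example, not part of the original article or of 42Gears' tooling: it refuses to register when the name or Client ID is already in use, then confirms that the stored client is enabled and carries only the expected redirect URI. The $ClientId value is a placeholder for the system-generated Client ID shown in the SureMDM console; run it in an elevated PowerShell session on the AD FS server.

```powershell
# Added example: guarded AD FS client registration with a post-check.
# Name and redirect URI are taken from the article; $ClientId is a placeholder.
$Name        = 'OAUTH2 SureMDM Nix Client8'
$ClientId    = '<system-generated Client ID from the SureMDM console>'
$RedirectUri = 'com.nix.ad.appauth:/oauth2callback'

# 1. Detect collisions: the article notes that the client name should be unique.
$collisions = @(Get-AdfsClient | Where-Object {
    $_.Name -eq $Name -or $_.ClientId -eq $ClientId
})

if ($collisions.Count -gt 0) {
    Write-Warning "A client with this name or Client ID already exists; not registering."
    $collisions | Format-List Name, ClientId, RedirectUri, Enabled
}
else {
    Add-AdfsClient -Name $Name -ClientId $ClientId -RedirectUri $RedirectUri
}

# 2. Read the registration back and verify what AD FS actually stored.
$client = @(Get-AdfsClient | Where-Object { $_.ClientId -eq $ClientId })
if ($client.Count -ne 1) {
    throw "Expected exactly one client with Client ID '$ClientId', found $($client.Count)."
}

# Any redirect URI other than the Nix agent's callback is unexpected
# and should be reviewed before devices are enrolled.
$unexpected = @($client[0].RedirectUri | Where-Object { $_ -cne $RedirectUri })
if ($unexpected.Count -gt 0) {
    Write-Warning "Unexpected redirect URIs registered: $($unexpected -join ', ')"
}
if (-not $client[0].Enabled) {
    Write-Warning "Client '$($client[0].Name)' is registered but disabled."
}

# Summary for the change record.
$client[0] | Format-List Name, ClientId, RedirectUri, Enabled
```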

 

Server Side Validation

1. For server side validation, go to the Account settings prompt and select Active Directory Authentication using Admin account from the Device Authentication Type drop-down menu

2. The IT Admin needs to fill out the following details and click on Apply

Active Directory Server Path

Domain Filter

Admin Username

Admin Password

3. Once done, the SureMDM server will start communicating with your enterprise server and Server Side Authentication is complete.

 

Enabling Single Sign-On in SureMDM

To enable Single Sign-On in SureMDM, follow the steps below:

1. Log in to the SureMDM Web Console using Super User credentials

2. Go to Account settings

3. Click on the Single Sign-On tab

4. Turn on the Enable SSO option and click on Done

 

Configure SureMDM Nix Agent for Nix AD Enrollment

To configure SureMDM Nix Agent for Nix AD Enrollment, follow the steps below:

1. Install SureMDM Nix Agent on your device from Google Play Store

2. Enroll the device on the SureMDM Web Console where the Nix AD Authorization configuration is done

3. An authentication page will be displayed on SureMDM Nix Agent. Click on Authorize Me and enter the Active Directory credentials

4. Once completed, SureMDM Nix Agent will be enrolled with the Active Directory Name

 
