SureMDM Enrollment with Active Directory Authentication

For more than two decades, businesses have relied on Active Directory (AD) to manage user access privileges and apply security policies on endpoint devices such as laptops and desktops that run Windows-based operating systems.

IT admins typically use AD Security Groups to group users and enforce security policies when those users access the enterprise network via desktops, laptops, and servers. Today's enterprises, however, no longer operate only through stationary workstations. Smart handhelds such as tablets, smartphones, and phablets have radically changed the user endpoint space. The change is not only in form factor but also in operating system and underlying architecture. This has left businesses with no option but to adopt new technologies to achieve unified endpoint management. This is where Enterprise Mobility Management (EMM) comes in.

The AD authentication and validation process follows the steps below:

1. Log in to the ADFS server.

2. In the ADFS console, select Service and then click Endpoints.

3. Under Endpoints, filter the listing using Type and note the URL path under OAuth.

4. Now, log in to the SureMDM Web Console.

5. Go to Account settings.

6. Select the Device Enrollment Rules tab and, from the Device Authentication Type drop-down menu, select OAuth Authentication.

7. Under the Enrollment Authentication section, select Native Application.

8. Select ADFS Server as the OAuth Type and use the URL noted in step 3 to compose the following values for Auth Endpoint and Token Endpoint.

Auth Endpoint: https://ad.42gears.com<copiedurl>/authorize/

Example – https://ad.42gears.com/adfs/oauth2/authorize/

Token Endpoint: https://ad.42gears.com<copiedurl>token/

Example – https://ad.42gears.com/adfs/oauth2/token/

9. Click Generate to generate a Client Id. Note it down for reference.

10. Click Apply to complete.

11. Now, to add a new Client ID, log in to the server where Active Directory (AD) is configured.

12. Open Windows PowerShell.

13. Run the following command in Windows PowerShell to add a new client:

Add-ADFSClient -Name "OAUTH2 SureMDM Nix Client" -ClientId "39F803D4-B2E7-4D65-8CBA-03734FA3AFC7-suremdm-nix-oauth" -RedirectUri "com.nix.ad.appauth:/oauth2callback"
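The endpoint lookup, the endpoint values and the client registration from the steps above can be checked in one PowerShell session on the AD FS server. This is an added example, not a 42Gears script; it assumes the ADFS PowerShell module is available, and it uses the host and OAuth path from the page's example URLs and the ClientId shown in the command above.

```powershell
# Added example: run in an elevated PowerShell session on the AD FS server.
Import-Module ADFS

# Values from the page; $OAuthPath is the path noted in step 3 (the page's example path).
$AdfsHost    = 'ad.42gears.com'
$OAuthPath   = '/adfs/oauth2/'
$ClientName  = 'OAUTH2 SureMDM Nix Client'
$ClientId    = '39F803D4-B2E7-4D65-8CBA-03734FA3AFC7-suremdm-nix-oauth'
$RedirectUri = 'com.nix.ad.appauth:/oauth2callback'

# Steps 1-3: confirm the OAuth endpoint exists and is enabled before pointing SureMDM at it.
$endpoint = Get-AdfsEndpoint -AddressPath $OAuthPath -ErrorAction SilentlyContinue
if (-not $endpoint -or -not $endpoint.Enabled) {
    throw "OAuth endpoint $OAuthPath is missing or disabled on this AD FS server."
}

# Step 8: compose both values; TrimEnd avoids a double slash if the noted path ends in '/'.
$base          = 'https://{0}{1}' -f $AdfsHost, $OAuthPath.TrimEnd('/')
$authEndpoint  = "$base/authorize/"
$tokenEndpoint = "$base/token/"

# Steps 11-13: register the client only if it is not already present (safe to re-run).
$client = Get-AdfsClient -ClientId $ClientId -ErrorAction SilentlyContinue
if (-not $client) {
    Add-AdfsClient -Name $ClientName -ClientId $ClientId -RedirectUri $RedirectUri
    $client = Get-AdfsClient -ClientId $ClientId
}

# Check the stored registration: enabled, and no redirect URI other than the Nix one.
$extraUris = @($client.RedirectUri | Where-Object { $_ -ne $RedirectUri })
if (-not $client.Enabled) { Write-Warning "Client $ClientId is registered but disabled." }
if ($extraUris.Count -gt 0) {
    Write-Warning "Unexpected redirect URIs on ${ClientId}: $($extraUris -join ', ')"
}
if ($client.RedirectUri -notcontains $RedirectUri) {
    Write-Warning "Expected redirect URI $RedirectUri is not registered."
}

# Values to enter in the SureMDM Web Console (step 8) and to keep for reference.
[pscustomobject]@{
    AuthEndpoint  = $authEndpoint
    TokenEndpoint = $tokenEndpoint
    ClientId      = $client.ClientId
    RedirectUri   = $client.RedirectUri -join ', '
}
```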


What happens on the device on SureMDM enrollment?

1. Install the SureMDM Nix Agent on your device from the Google Play Store.

2. Enroll the device on the SureMDM Web Console by either scanning the QR Code or entering the Account ID.

3. An authentication page is displayed in the SureMDM Nix Agent. Click Authorize Me and enter the Active Directory credentials.

4. Once completed, the SureMDM Nix Agent will be enrolled with the Active Directory name.
