For more than two decades, businesses have relied on Active Directory (AD) to manage user access privileges and apply security policies on endpoint devices such as laptops and desktops that run Windows-based operating systems.
IT admins typically use AD to group users into Security Groups and enforce security policies on end users when they access the enterprise network from desktops, laptops, and servers. Today's enterprises, however, no longer operate only through stationary workstations. The arrival of smart handhelds such as tablets, smartphones, and phablets has radically changed the user endpoint space. The difference lies not only in the form factor but also in the operating system and underlying architecture. This has left businesses with no option but to adopt new technologies to achieve unified endpoint management. This is where Enterprise Mobility Management (EMM) comes in.
AD authentication follows one of two approaches: Device Side Validation or Server Side Validation.
Device Side Validation
1. Log in to the SureMDM Web Console.
2. Go to Account settings.
3. Select the Device Enrollment Rules tab and, from the Device Authentication Type drop-down menu, select OAuth Authentication.
4. Get the Auth Endpoint and Token Endpoint details from the AD server and enter the values in the corresponding fields. Choose the Client Id as OAuth Client Id (System Generated).
5. Use the system-generated Client ID in the script that you need to run at the server end to add the user.
To add a new Client ID, follow the steps below:
1. Log in to the server where Active Directory (AD) is configured.
2. Open Windows PowerShell.
3. Run the following command in Windows PowerShell to add a new client, supplying the system-generated Client ID from the SureMDM Web Console:
Add-ADFSClient -Name "OAUTH2 SureMDM Nix Client" -ClientId "<system-generated Client ID>"
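The registration step above, extended into an added example that is not part of the original page or SureMDM's own tooling: it prints the OAuth endpoint URLs needed in the console, registers the client only if it is missing, and reports any drift in an existing registration. It assumes the AD server runs AD FS with the standard /adfs/oauth2 paths; the Client ID and redirect URI are placeholders, since the page does not give them.

```powershell
# Added example. Values in angle brackets are placeholders, not values from the page.
$ClientId    = '<system-generated Client ID>'       # copy from the SureMDM Web Console
$ClientName  = 'OAUTH2 SureMDM Nix Client'          # name used in the page's command
$RedirectUri = '<redirect URI expected by SureMDM>' # assumption: not stated on the page

Import-Module ADFS

# Values for the Auth Endpoint and Token Endpoint fields, built from the
# federation service host name and the standard AD FS OAuth 2.0 paths.
$hostName = (Get-AdfsProperties).HostName
[pscustomobject]@{
    AuthEndpoint  = "https://$hostName/adfs/oauth2/authorize"
    TokenEndpoint = "https://$hostName/adfs/oauth2/token"
} | Format-List

# Confirm the OAuth endpoint is actually enabled on this farm.
Get-AdfsEndpoint |
    Where-Object { $_.AddressPath -like '/adfs/oauth2*' } |
    Select-Object AddressPath, Enabled, Protocol

# Register the client once; re-running the script must not create duplicates.
$existing = Get-AdfsClient | Where-Object { $_.ClientId -eq $ClientId }
if (-not $existing) {
    Add-AdfsClient -Name $ClientName -ClientId $ClientId -RedirectUri $RedirectUri
    $existing = Get-AdfsClient | Where-Object { $_.ClientId -eq $ClientId }
}

# Report drift: a disabled client breaks enrollment, and any redirect URI
# other than the expected one widens where authorization codes can be sent.
if (-not $existing.Enabled) {
    Write-Warning "Client '$($existing.Name)' is registered but disabled."
}
$unexpected = @($existing.RedirectUri | Where-Object { $_ -ne $RedirectUri })
if ($unexpected.Count -gt 0) {
    Write-Warning "Unexpected redirect URI(s): $($unexpected -join ', ')"
}

$existing | Select-Object Name, ClientId, RedirectUri, Enabled
```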
Server Side Validation
1. For server side validation, go to the Account settings prompt and select Active Directory Authentication using Admin account from the Device Authentication Type drop-down menu.
2. The IT admin needs to fill out the following details and click Apply:
Active Directory Server Path
3. Once done, the SureMDM server will start communicating with your enterprise server, and Server Side Authentication is complete.
Configure SureMDM Nix Agent for AD Enrollment
To configure SureMDM Nix Agent for Nix AD Enrollment, follow the steps below:
1. Install SureMDM Nix Agent on your device from the Google Play Store.
2. Enroll the device on the SureMDM Web Console where the Nix AD Authorization configuration is done.
3. When the authentication page is displayed in SureMDM Nix Agent, click Authorize Me and enter the Active Directory credentials.
4. Once completed, SureMDM Nix Agent will be enrolled with the Active Directory name.