For more than two decades, businesses have relied on Active Directory (AD) to manage user access privileges and apply security policies on endpoint devices such as laptops and desktops that run Windows-based operating systems.
IT admins typically use AD Security Groups to group users and enforce security policies when those users access the enterprise network via desktops, laptops, and servers. Today's enterprises, however, no longer operate only through stationary workstations. Smart handhelds such as tablets, smartphones, and phablets have radically changed the user endpoint space, and the difference lies not only in form factor but also in the operating system and underlying architecture. This has left businesses with no option but to adopt new technologies to achieve unified endpoint management. This is where Enterprise Mobility Management (EMM) comes in.
The AD authentication and validation process follows the steps below:
1. Log in to the ADFS Server.
2. On ADFS Console, select Service and then click on Endpoints.
3. Under Endpoints, filter the listing using Type and note the URL path under OAuth.
4. Now, log in to the SureMDM Web Console.
5. Go to Account settings.
6. Select Device Enrollment Rules tab and from Device Authentication Type drop-down menu select OAuth Authentication.
7. Under Enrollment Authentication section, select Native Application.
8. Select OAuth Type as ADFS Server and use the URL path noted in step 3 to compose the following values for Auth Endpoint and Token Endpoint.
Auth Endpoint – https://ad.42gears.com<copiedurl>/authorize/
Example – https://ad.42gears.com/adfs/oauth2/authorize/
Token Endpoint – https://ad.42gears.com<copiedurl>/token/
Example – https://ad.42gears.com/adfs/oauth2/token/
9. Click on Generate to generate a Client Id. Note it down for reference.
10. Click on Apply to complete.
11. Now, to add a new Client ID, log in to the server where Active Directory (AD) is configured.
12. Open Windows PowerShell
13. Run the below command in Windows PowerShell to add a new client:
Add-AdfsClient -Name "OAUTH2 SureMDM Nix Client" -ClientId "<Client Id from step 9>" -RedirectUri "<redirect URI>"
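To confirm the result of steps 3, 8 and 13, a read-only check like the following can be run on the ADFS server. This is an added example, not code from SureMDM or 42Gears; the host and path are taken from the example URLs above, the Client Id is a placeholder, and Join-OAuthUrl is a hypothetical helper name.

```powershell
# Added example: read-only verification, run in an elevated PowerShell session on the ADFS server.
$AdfsHost  = 'ad.42gears.com'            # host from the example URLs above
$OAuthPath = '/adfs/oauth2'              # URL path noted in step 3
$ClientId  = '<Client Id from step 9>'   # placeholder, replace with the generated value

# Hypothetical helper: builds an endpoint URL with exactly one slash between parts.
function Join-OAuthUrl {
    param([string]$HostName, [string]$BasePath, [string]$Leaf)
    $base = '/' + $BasePath.Trim('/')
    return "https://$HostName$base/$Leaf/"
}

# Values to compare against what was entered in the SureMDM console in step 8.
"Auth Endpoint : " + (Join-OAuthUrl $AdfsHost $OAuthPath 'authorize')
"Token Endpoint: " + (Join-OAuthUrl $AdfsHost $OAuthPath 'token')

# 1. The OAuth endpoint must exist and be enabled on the farm.
#    Proxy shows whether it is also published through the Web Application Proxy.
$prefix = '/' + $OAuthPath.Trim('/')
$endpoints = Get-AdfsEndpoint | Where-Object { $_.AddressPath -like "$prefix*" }
if (-not $endpoints) {
    Write-Warning "No ADFS endpoint found under $prefix"
} else {
    $endpoints | Where-Object { -not $_.Enabled } |
        ForEach-Object { Write-Warning "Endpoint $($_.AddressPath) is disabled" }
    $endpoints | Format-Table AddressPath, Enabled, Proxy -AutoSize
}

# 2. The client added in step 13 must be registered under the same Client Id
#    that SureMDM generated, and it must be enabled.
$client = Get-AdfsClient | Where-Object { $_.ClientId -eq $ClientId }
if (-not $client) {
    Write-Warning "Client Id $ClientId is not registered in ADFS"
} else {
    if (-not $client.Enabled) {
        Write-Warning "Client '$($client.Name)' is registered but disabled"
    }
    # Authorization codes are delivered to the redirect URI; flag cleartext ones.
    foreach ($uri in $client.RedirectUri) {
        if ($uri -match '^http://') {
            Write-Warning "Redirect URI uses plain HTTP: $uri"
        }
    }
    $client | Format-List Name, ClientId, ClientType, Enabled, RedirectUri
}
```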
What happens on the device on SureMDM enrollment?
1. Install SureMDM Nix Agent on your device from Google Play Store.
2. Enroll the device on SureMDM Web Console by either scanning the QR Code or entering the Account ID.
3. The authentication page will be displayed on SureMDM Nix Agent. Click on Authorize Me and enter the Active Directory credentials.
4. Once completed, SureMDM Nix Agent will be enrolled with the Active Directory Name.