Integrate Directory Services with MDM
In any organization, Active Directory plays an important role thanks to its extensive capabilities, including but not restricted to user management, identity management and authentication. Mobile Device Manager Plus integrates with your organization's Active Directory to help leverage its benefits.
Advantages of Directory Integration
- Enroll devices with Directory credentials
In enrollment by invites, employees can use their Directory credentials to authenticate themselves and enroll devices, instead of using an OTP. In addition, Directory credentials can be used as a part of two-factor authentication to improve security further. Upon integration, the admin can also restrict users of certain Directory groups from enrolling devices using self enrollment, provided the domain has been verified.
- Sync users and groups
After integrating MDM with your organization's directory, the users/groups are synced from the directory and their email IDs and names are auto-suggested when an enrollment request is created. If there is a change in a user's email address, display name or other attributes in the Directory, this is automatically updated in the accounts configured with Mobile Device Manager Plus. This helps the admin create enrollment requests more quickly.
- Single sign-on (SSO)
The admin or technicians can log in to the MDM portal using their Directory credentials once, and then easily access their applications without having to enter an additional set of credentials.
Supported Directory Services
- Integrating Active Directory with MDM On-Premise
- Integrating Active Directory with MDM Cloud
- Integrating Azure AD with MDM On-Premise
- Integrating Azure AD with MDM Cloud
- Integrating Okta
- Integrating Google Workspace (G Suite)
- SAML based generic IdPs
Sync Directory users
Mobile Device Manager Plus syncs with the configured Directory once every day to fetch the details. In the case of On-Premises AD and Google Workspace (G Suite) directories, the complete data is synced, whereas for other directories only the modifications are noted and posted back to MDM.
The admin can initiate a manual sync with the directory services by clicking either on Sync all or Sync only modified. As the name suggests, clicking on Sync all will sync the complete directory again with MDM and Sync only modified syncs only the changes that were made after the previous sync.
Sync Directory groups
After integrating Directory with MDM, you can also choose to sync the Directory groups directly to MDM. With this, the admin can manage devices by associating profiles, distributing apps and documents directly to the groups.
Enable group sync by clicking on Enable groups sync under the Actions column. This will sync all the groups from the selected domain and these groups will be available in Groups and Devices in the Device Mgmt tab.
Similarly, the group sync can be disabled by clicking on Disable group sync. This will disable all the synced groups from MDM. The profiles, apps and documents will have to be removed manually by the users or the admin.
Remove Directory Services
To remove a Directory from MDM, you need to ensure that the user does not have any enrolled devices or any pending enrollment requests. Once this condition is met, click on Action and Delete to disassociate the Directory from MDM.
Note: The users and groups will be listed on the MDM server even after disassociating the Directory and need to be removed manually by the admin.