
How to Integrate Azure AD with Single Sign-On in 42Gears UEM

SureMDM supports Azure AD with Single Sign-On, allowing IT Pros to access the SureMDM Web Console using Azure AD credentials with SSO. It adds an extra layer of security to the account. This feature eliminates the need to create users separately in SureMDM.

Purpose

The purpose of this article is to provide a guide on how to make 42Gears UEM’s Single Sign-On work with Azure AD.

Prerequisites

There are two steps involved in configuring SSO with the Azure AD server:

1. Configure Settings in Azure AD
2. Configure settings in the SureMDM Console

Steps

Step 1: Steps to Configure Settings in Azure AD

  1. Log in to Microsoft Azure Server.
  2. Select Azure Active Directory.
  3. Select Enterprise Applications in the left panel.
  4. Click the New application icon on the top.
  5. Click Create your own application.
  6. Give the App name and select the option Integrate any other application you don’t find in the gallery (Non-Gallery).
  7. Click Create.
  8. On the App property page, select Set up Single Sign-On.
  9. Click on Get started.
  10. Select Mode as SAML based Sign On.
  11. Click Basic SAML Configuration, click on edit and enter the below details.
  • Entity ID: urn:42gears:suremdm:SAML2ServiceProvider
  • Reply URL: https://<SureMDM Server URL>/console/ssoconsumer/<SureMDM Account ID>
  • Sign on URL: https://<SureMDM Server URL>/console/ssoconsumer/<SureMDM Account ID>

Note: Admin should enter their Server URL & Account ID into the above-mentioned URL.
Example: https://42gears.in.suremdm.io/console/ssoconsumer/123456789

  12. Click Save and on the same page under SAML certificates, download the Certificate (Base 64) and Federation Metadata XML.
  13. A certificate will download.

Step 2: Steps to Configure Settings in SureMDM Console

  1. Log in to the SureMDM Web Console.
  2. Click on Settings.
  3. Further click on Account Settings.
  4. Navigate to Enterprise Integrations.
  5. Further, click on SAML Single Sign-On.
  6. Check Enable Single Sign-On and select Azure AD in the SSO type dropdown.
  7. Enter the configurations as explained in the table below.

| Settings | Description |
| --- | --- |
| Enable Single Sign-On | Select this option to allow configuring Single Sign-On settings. |
| SSO Type | Select Azure AD. |
| Service Identifier | Enter the Service Identifier. This value is present under EntityDescriptor tag, entityID property of metadata XML file. See step no.7, Configure settings in Azure AD server. For example: https://sts.windows.net/f7ecc730-6267-405e-910a-5eced15bcf21/ |
| Sign On Service Url | Enter the Service Identifier Url. This value is present under <md:SingleSignOnService> (node with HTTP-Redirect binding) > Location. Fetch these values from the metadata XML file downloaded in step no.7, Configure settings in Azure AD server. For example: https://login.microsoftonline.com/f7ecc730-6267-405e-910a-5eced15bcf21/saml2 |
| Logout Service Url | Enter the URL for logout. Generally same as Sign on URL. For example: https://login.microsoftonline.com/f7ecc730-6267-405e-910a-5eced15bcf21/saml2 |
| Roles | Assign a Role (and associated permissions) from the drop-down list. |
| Device Group Set | Assign a Device Group Set (and associated permissions) from the drop-down list. |
| Jobs/Profiles Folder Set | Assign a Job Folder Set (and associated permissions) from the drop-down list. |

  8. Click Upload Certificate to upload the .cer file (downloaded in step no.12).
    Note: Password field is optional.
  9. Click Done.
  10. Users can log in to SureMDM using a URL in the format below:
    https://<SureMDM Server URL>/console/ssologin/<SureMDM Account ID>

Note: Admin should enter their Server URL & Account ID into the above-mentioned URL.
Example: https://abc.suremdm.io/console/ssologin/1234567890
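
The values the table asks for can be read directly from the downloaded Federation Metadata XML. The Python below is an added example, not 42Gears or Microsoft code: it extracts the Service Identifier and the HTTP-Redirect Sign On and Logout URLs, and checks that the downloaded Base 64 .cer is a signing certificate listed in the metadata. The function names are hypothetical, and the sample metadata, tenant ID and certificate bytes are constructed placeholders.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

def sha256_of_b64(text):
    """SHA-256 of the decoded bytes; PEM armor lines and whitespace are ignored."""
    body = "".join(l.strip() for l in text.splitlines() if "-----" not in l)
    return hashlib.sha256(base64.b64decode(body)).hexdigest()

def _redirect_location(idp, tag):
    # The table asks for the node with the HTTP-Redirect binding.
    for node in idp.findall(f"md:{tag}", NS):
        if node.get("Binding") == REDIRECT:
            return node.get("Location")
    return None

def read_metadata(xml_text):
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor element in metadata")
    certs = [c.text for kd in idp.findall("md:KeyDescriptor[@use='signing']", NS)
             for c in kd.findall(".//ds:X509Certificate", NS)]
    return {"service_identifier": root.get("entityID"),
            "sign_on_url": _redirect_location(idp, "SingleSignOnService"),
            "logout_url": _redirect_location(idp, "SingleLogoutService"),
            "signing_cert_sha256": [sha256_of_b64(c) for c in certs]}

def cer_matches_metadata(cer_text, meta):
    """True if the downloaded Base 64 .cer is a signing certificate in the metadata."""
    return sha256_of_b64(cer_text) in meta["signing_cert_sha256"]

# Constructed sample: placeholder tenant ID and bytes, not a real certificate.
# The HTTP-POST Location is altered so the binding filter is visible.
TENANT = "00000000-0000-0000-0000-000000000000"
FAKE_DER = b"constructed placeholder, not a real certificate"
B64 = base64.b64encode(FAKE_DER).decode()
SAMPLE = f"""<EntityDescriptor xmlns="{NS['md']}" entityID="https://sts.windows.net/{TENANT}/">
 <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <KeyDescriptor use="signing"><KeyInfo xmlns="{NS['ds']}"><X509Data>
   <X509Certificate>{B64}</X509Certificate></X509Data></KeyInfo></KeyDescriptor>
  <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://login.microsoftonline.com/{TENANT}/saml2/post"/>
  <SingleSignOnService Binding="{REDIRECT}" Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
  <SingleLogoutService Binding="{REDIRECT}" Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
 </IDPSSODescriptor>
</EntityDescriptor>"""
```

Run `read_metadata` on the contents of the real metadata file and `cer_matches_metadata` on the contents of the downloaded .cer before uploading it; a mismatch means the certificate and metadata come from different applications or tenants.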

Updated on July 2023