How To Integrate Azure AD With Single Sign-On in 42Gears UEM?

KB ID: 42G2211050
Updated: November 2022

SureMDM supports Azure AD Single Sign-On (SSO), allowing IT Pros to access the SureMDM Web Console using their Azure AD credentials. It adds an extra layer of security to the account. This feature eliminates the need to create users separately in SureMDM.

There are two steps involved in configuring SSO with the Azure AD server:

1. Configure Settings in Azure AD 
2. Configure settings in the SureMDM Console

Part 1. Steps to Configure Settings in Azure AD

  1. Log in to Microsoft Azure Server
  2. Select Azure Active Directory
  3. Select Enterprise Applications in the left panel.
  4. Click the New application icon on the top.
  5. Click Create your own application.
  6. Give the app name and select the option Integrate any other application you don’t find in the gallery (Non-Gallery)
  7. Click Create.
  8. On the App property page, select Set up Single Sign-On 
  9. Click on Get started.
  10. Select Mode as SAML based Sign On
  11. Click Basic SAML Configuration, click on edit, and enter the below details
    1. Entity ID: urn:42gears:suremdm:SAML2ServiceProvider

    2. Reply URL:  https://<SureMDM Server URL>/console/ssoconsumer/<SureMDM Account ID>

    3. Sign on URL: https://<SureMDM Server URL>/console/ssoconsumer/<SureMDM Account ID>

    Note: Admin should enter their Server URL and Account ID into the above-mentioned URL.
    Example: https://42gears.in.suremdm.io/console/ssoconsumer/123456789
  12. Click Save and on the same page under SAML certificates, download the Certificate (Base 64) and Federation Metadata XML.
  13. A certificate will download.

Part 2. Steps to Configure Settings in SureMDM Console

  1. Log in to the SureMDM Web Console
  2. Click on Settings
  3. Further click on Account Settings
  4. Navigate to Enterprise Integrations
  5. Further, click on SAML Single Sign-On
  6. Check Enable Single Sign-On and select Azure AD in the SSO type dropdown
  7. Enter the configurations as explained in the below table

    | Settings | Description |
    | --- | --- |
    | Enable Single Sign-On | Select this option to allow configuring Single Sign-On settings. |
    | SSO Type | Select Azure AD. |
    | Service Identifier | Enter the Service Identifier. This value is present under EntityDescriptor tag, entityID property of metadata XML file. See step no.7, Configure settings in Azure AD server. For example: https://sts.windows.net/f7ecc730-6267-405e-910a-5eced15bcf21/ |
    | Sign On Service Url | Enter the Service Identifier Url. This value is present under <md:SingleSignOnService (node with HTTP-Redirect binding)> Location. Fetch these values from the metadata XML file downloaded in step no.7, Configure settings in Azure AD server. For example: https://login.microsoftonline.com/f7ecc730-6267-405e-910a-5eced15bcf21/saml2 |
    | Logout Service Url | Enter the URL for logout. Generally same as Sign on URL. For example: https://login.microsoftonline.com/f7ecc730-6267-405e-910a-5eced15bcf21/saml2 |
    | Roles | Assign a Role (and associated permissions) from the drop-down list. |
    | Device Group Set | Assign a Device Group Set (and associated permissions) from the drop-down list. |
    | Jobs/Profiles Folder Set | Assign a Job Folder Set (and associated permissions) from the drop-down list. |
  8. Click Upload Certificate to upload the .cer file (downloaded in step no.12)
    Note: Password field is optional.
  9. Click Done
  10. Users can log in to SureMDM using a URL in the below format
    https://<SureMDM Server URL>/console/ssologin/<SureMDM Account ID>

Note: Admin should enter their Server URL and Account ID into the above-mentioned URL.
Example: https://abc.suremdm.io/console/ssologin/1234567890
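
The Service Identifier, Sign On Service Url and Logout Service Url in Part 2 can be read from the Federation Metadata XML with a script instead of by hand, and the downloaded .cer can be checked against the signing certificate listed in the same file before it is uploaded. The following is an added example, not 42Gears or Microsoft code: the function names are hypothetical, and the sample metadata is constructed from the tenant ID used in the examples above, with placeholder bytes in place of a real certificate.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
CERT_PATH = "md:KeyDescriptor[@use='signing']/ds:KeyInfo/ds:X509Data/ds:X509Certificate"

def fingerprint(cert_text):
    """SHA-256 of the DER bytes; accepts bare base64 or a PEM-wrapped .cer."""
    lines = [l.strip() for l in cert_text.splitlines()]
    body = "".join(l for l in lines if not l.startswith("-----"))
    return hashlib.sha256(base64.b64decode(body)).hexdigest()

def sso_settings(metadata_xml):
    """Pull the values for the SureMDM SAML form out of the metadata XML."""
    root = ET.fromstring(metadata_xml)  # file from your own tenant; not for untrusted XML
    idp = root.find("md:IDPSSODescriptor", NS)
    if root.tag != "{%s}EntityDescriptor" % NS["md"] or idp is None:
        raise ValueError("not SAML IdP metadata")
    def redirect_location(tag):
        # Only the node with the HTTP-Redirect binding is wanted, as the table says.
        for node in idp.findall("md:" + tag, NS):
            if node.get("Binding") == REDIRECT:
                return node.get("Location")
        raise ValueError("no HTTP-Redirect binding for " + tag)

    return {"service_identifier": root.get("entityID"),
            "sign_on_url": redirect_location("SingleSignOnService"),
            "logout_url": redirect_location("SingleLogoutService"),
            "signing_sha256": [fingerprint(c.text) for c in idp.findall(CERT_PATH, NS)]}

def cer_matches(cer_text, settings):
    """True if the downloaded .cer is one of the signing certs in the metadata."""
    return fingerprint(cer_text) in settings["signing_sha256"]

# Constructed sample: placeholder bytes stand in for a real DER certificate.
_B64 = base64.b64encode(b"constructed placeholder, not a real certificate").decode()
_IDP = "https://login.microsoftonline.com/f7ecc730-6267-405e-910a-5eced15bcf21/saml2"
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="{NS['md']}"
    entityID="https://sts.windows.net/f7ecc730-6267-405e-910a-5eced15bcf21/">
 <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <KeyDescriptor use="signing"><KeyInfo xmlns="{NS['ds']}"><X509Data>
   <X509Certificate>{_B64}</X509Certificate></X509Data></KeyInfo></KeyDescriptor>
  <SingleLogoutService Binding="{REDIRECT}" Location="{_IDP}"/>
  <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="{_IDP}"/>
  <SingleSignOnService Binding="{REDIRECT}" Location="{_IDP}"/>
 </IDPSSODescriptor></EntityDescriptor>"""
SAMPLE_CER = f"-----BEGIN CERTIFICATE-----\n{_B64}\n-----END CERTIFICATE-----\n"
```

Pass the text of the downloaded Federation Metadata XML to sso_settings() and the text of the Certificate (Base 64) file to cer_matches(); a False result means the .cer is not the signing certificate that the metadata advertises.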