
Azure Active Directory Integration with Hexnode MDM

Azure Active Directory (AD) is a cloud-based, multi-tenant identity and access management service. It simplifies sign-in and automates workflows to meet the needs of your growing organization. It serves as a single source of user and group information and provides a platform with enhanced security, access management, scalability and reliability for connecting multiple users.

Azure AD supports multi-factor authentication, providing a layer of security for organizational resources. It allows users to sign in with their pre-existing credentials through a single sign-on (SSO) based approach. Integrate your Azure AD with Hexnode to manage the Active Directory from a single console and sync your users and groups for easy enrollment and policy assignment.

Steps to configure Azure Active Directory with Hexnode MDM

To configure Azure Active Directory with Hexnode:

  1. On your Hexnode MDM console, navigate to Enroll > All Enrollments and, under the Enterprise category, choose Azure AD.
  2. You’ll be directed to a screen to enter the Directory (Tenant) ID. Sign in to the Azure portal for your directory and copy the Directory ID (Azure Active Directory > Properties).
     
     Note: You can also add verified custom domains (Azure Active Directory > Custom domain names) in the Directory (Tenant) ID field.

  3. Enter the Directory ID in the Directory (Tenant) ID field on the Hexnode console. Click Configure.
  4. You’ll be asked to sign in with your Azure portal user credentials. Click Accept. This grants the listed permissions to Hexnode Azure Directory Services.
  5. Azure AD is configured. You can now sync the Active Directory with Hexnode MDM.

Schedule a sync

Hexnode MDM allows users to decide how often they wish to sync the AD with Hexnode.

  • Admins can choose to initiate the sync either daily or on a weekly basis.
  • Select the days of the week or choose a specific time of day for the sync to occur.

Notes:

  • Microsoft Azure AD users can enroll their devices in Hexnode MDM by authenticating with their directory credentials. Hexnode Azure Directory Services requires the following consent permissions to authenticate with Azure AD:
    • profile – View users’ basic profile
    • offline_access – Maintain access to data you have given it access to
    • email – View users’ email address
    • openid – Sign users in
    • User.ReadBasic.All – Sign in and read user profile
  • If an Azure AD administrator has set the User consent settings (Azure Active Directory > Enterprise applications > Consent and permissions) to ‘Do not allow user consent,’ users will not be able to grant the consent permissions to Hexnode Azure Directory Services. In that case, the permissions require admin consent for authentication, and users without admin privileges will fail to enroll their devices in Hexnode MDM. To overcome this scenario, the admin must set the User consent settings to either ‘Allow user consent for apps’ or ‘Allow user consent for apps from verified publishers, for selected permissions.’
  • If the User consent settings option is set to ‘Allow user consent for apps from verified publishers, for selected permissions,’ the admin must enable the permissions listed above so that users can consent to them on behalf of the organization. To enable these permissions, the admin has to navigate to Azure Active Directory > Enterprise applications > Consent and permissions > Permission classifications (preview) > + Add permissions > Microsoft APIs > Microsoft Graph.
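
The check below is an added example, not Hexnode or Microsoft code: it predicts whether a non-admin user can grant the permissions listed above, given the tenant's user consent setting and permission classifications. It assumes input shaped like the Microsoft Graph authorizationPolicy and delegatedPermissionClassifications resources; the sample data and the publisher_verified flag are constructed for illustration.

```python
# Added example: will enrollment consent succeed for a non-admin user?
# All sample data is constructed; it mimics Microsoft Graph response shapes.

# Delegated permissions requested by Hexnode Azure Directory Services (from the page).
REQUIRED_SCOPES = {"profile", "offline_access", "email", "openid", "User.ReadBasic.All"}

# Policy IDs that Microsoft Graph reports in
# authorizationPolicy.defaultUserRolePermissions.permissionGrantPoliciesAssigned
ALLOW_ALL = "ManagePermissionGrantsForSelf.microsoft-user-default-legacy"
ALLOW_LOW = "ManagePermissionGrantsForSelf.microsoft-user-default-low"


def evaluate_user_consent(auth_policy, classifications, publisher_verified):
    """Return (can_consent, reason, scopes_still_to_classify)."""
    assigned = set(
        auth_policy.get("defaultUserRolePermissions", {})
        .get("permissionGrantPoliciesAssigned", [])
    )
    if ALLOW_ALL in assigned:  # 'Allow user consent for apps'
        return True, "user consent allowed for all apps", set()
    if ALLOW_LOW in assigned:  # '...from verified publishers, for selected permissions'
        low = {c["permissionName"] for c in classifications
               if c.get("classification") == "low"}
        missing = REQUIRED_SCOPES - low
        if not publisher_verified:  # assumption: caller supplies publisher status
            return False, "publisher not verified; admin consent required", missing
        if missing:
            return False, "required permissions not classified", missing
        return True, "verified publisher and all permissions classified", set()
    # No self-service grant policy assigned: 'Do not allow user consent'
    return False, "user consent disabled; admin consent required", set()


# Constructed tenant state: selected-permissions mode, two scopes not yet classified.
SAMPLE_POLICY = {"defaultUserRolePermissions":
                 {"permissionGrantPoliciesAssigned": [ALLOW_LOW]}}
SAMPLE_CLASSIFICATIONS = [{"permissionName": n, "classification": "low"}
                          for n in ("profile", "email", "openid")]

if __name__ == "__main__":
    ok, reason, missing = evaluate_user_consent(
        SAMPLE_POLICY, SAMPLE_CLASSIFICATIONS, publisher_verified=True)
    print(ok, reason, sorted(missing))
```

Running it against the sample data reports the scopes an admin still has to add under Permission classifications before non-admin enrollment will work.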