With Mobile Guardian, you can integrate your Azure Active Directory authentication for both users and devices by inputting the required information on your school or district dashboard.
This article will cover the following:
- Pre-Requisites
- Required information for the configuration
- Step-By-Step Guide for Azure Configuration on the Dashboard
Pre-Requisites
The Azure Lightweight Directory Access Protocol (LDAP) authentication integration forms part of the Azure Active Directory Domain Services (AD DS) product. As such, this product must be licensed within Azure before it can be used for user sync and mobile device authentication within Mobile Guardian.
Azure enforces that a valid SSL certificate be used when allowing access via the internet and Mobile Guardian requires that this certificate be from a public certificate authority. You must ensure that the certificate matches the wildcard domain of your AD DS environment as Azure will not let you upload anything else. If you are having trouble setting up or using LDAP authentication, please make use of the Microsoft trouble shooting guide.
Once everything has been configured, the final step will be to require all users to reset their passwords so that they can sync from AD to AD DS. Without this step, authentication from the Mobile Guardian application will fail. Please see the Microsoft guide for further information about self-service password resets for your organisation.
Required information for the configuration
Now that you have all the prerequisites, we suggest gathering the following required information. This information will be needed when setting up the configuration on the Mobile Guardian dashboard for both user sync and mobile authentication settings:
- Active Directory Details
- Account suffix - ie @domain.com
- Base DN
- Domain Controller ie IP address or site.com
- Username
- Password
- Active Directory Mobile Details
- Account suffix - ie @domain.com
- Base DN
- Domain Controller ie IP address or site.com
- LDAP Port
- LDAPS Port
- Certificate - Certificate for authenticating the connection
Once you have acquired the above information you are ready to go through the steps of adding your configuration to the Mobile Guardian Dashboard using the guide below.
Step-By-Step Guide for Azure Configuration on the Dashboard
Using this guide we will go through the steps of adding the information gathered into the settings of the user sync and mobile authentication configurations on your dashboard.
Step 1 - User Sync
I. Login to Mobile Guardian.
II. Click on Settings
III. Click on Directory Settings
IV. Now we will start with user sync, enter the correct information on the form.
V. (Optional) Once you have entered the required details, You may then choose whether you would like to use SSL or not but selecting the slider to enable it.
VI. There are some additional settings you may enable, this is to your own preference.
VII. Once you are ready you may select the Test Connection option, if your connection is successful the dashboard will notify you with a "Connected" message.
You must click Save to save the configuration.
Congratulations you have set up the first configuration!
You can now proceed to set up the Mobile Authentication, which must be completed to finish setting up Azure Active Directory configurations on Mobile Guardian.
Step 2 - Mobile Authentication
For this next part, we will move to the Mobile Authentication tab.
I. In Settings > Active Directory > Click on the Mobile Authentication tab
II. Enter the information into the form, making sure the certificate is from a public certificate authority.
III. Scroll down you to view further options you can select.
Proxy via Mobile Guardian servers is optional, as well as Time-out and Inactivity time-out. You will need to select a Signed-out behavior from the following choices to finish off the configuration.
IV. Select Save and you will receive a notification informing you that the settings have been saved.
You have now completed setting up the dashboard configuration for Azure.
Any Device that you enrol will now display a Sign-in screen when opening Mobile Guardian which will look similar to the following device.
Congratulations your Azure Active Directory has been configured.
Please let us know if you found this useful
Thanks for reading :)
Comments
0 comments
Article is closed for comments.