Addigy Identity and Extensible SSO can be used together to achieve directory connectivity without binding user accounts to Active Directory.
Addigy Identity
Addigy Identity allows end-users to use their Identity Provider (IdP) credentials to create and authenticate into local accounts. To learn more about Addigy Identity, check out our knowledge base articles:
- Identity Overview
- How to Enable Identity
- Identity Settings
- Identity User Experience
- How to Configure Microsoft's Azure Active Directory with Identity
SSO Extensible MDM Profile
- Provides SSO for IdP accounts across all applications/browsers that support the Apple Enterprise SSO feature
- Can be enabled via MDM
- Extends SSO to applications that don’t yet use IdP libraries
- Extends SSO to applications that use OAuth 2, OpenID Connect, and SAML
Azure AD and Microsoft Enterprise SSO Plug-in
To use the Microsoft Enterprise SSO plug-in, a device must support, and have installed, an application that includes the Microsoft SSO plug-in for Apple devices. For macOS, this is the Intune Company Portal App.
Note: the Company Portal App does not need to be accessed by end-users. The installation alone is sufficient.
Configuring the MDM Profile
To view an example Single Sign-On Extensions MDM profile, please see our webinar, linked above. When configuring the profile, note the following:
Single Sign-On Extensions URLs
- https://login.microsoftonline.com
- https://login.microsoft.com
- https://sts.windows.net
- https://login.partner.microsoftonline.cn
- https://login.chinacloudapi.cn
- https://login.microsoftonline.de
- https://login.microsoftonline.us
- https://login-us.microsoftonline.com
Type
- Redirect
TeamIdentifier
- UBF8T346G9
ExtensionIdentifier
- com.microsoft.CompanyPortalMac.ssoextension
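The settings above, assembled into a configuration profile and checked, as an added example that is not Addigy's or Microsoft's own code. It assumes Apple's `com.apple.extensiblesso` payload type and the standard `Payload*` envelope keys, an unsigned profile export, and placeholder identifiers and display names under `com.example`; the audit flags a profile whose redirect URLs are bound to a different team or extension identifier than the one listed here.

```python
import plistlib
import uuid
from urllib.parse import urlsplit

# Values listed in the article above.
SSO_URLS = [
    "https://login.microsoftonline.com", "https://login.microsoft.com",
    "https://sts.windows.net", "https://login.partner.microsoftonline.cn",
    "https://login.chinacloudapi.cn", "https://login.microsoftonline.de",
    "https://login.microsoftonline.us", "https://login-us.microsoftonline.com",
]
EXPECTED = {
    "Type": "Redirect",
    "TeamIdentifier": "UBF8T346G9",
    "ExtensionIdentifier": "com.microsoft.CompanyPortalMac.ssoextension",
}
SSO_PAYLOAD_TYPE = "com.apple.extensiblesso"  # Apple's Extensible SSO payload type


def build_profile(org_prefix="com.example"):
    """Return .mobileconfig bytes; org_prefix and display names are placeholders."""
    def envelope(kind, suffix, name):
        return {"PayloadType": kind, "PayloadVersion": 1,
                "PayloadIdentifier": f"{org_prefix}.{suffix}",
                "PayloadUUID": str(uuid.uuid4()).upper(),
                "PayloadDisplayName": name}
    sso = {**envelope(SSO_PAYLOAD_TYPE, "sso.extension", "Microsoft Enterprise SSO"),
           **EXPECTED, "URLs": list(SSO_URLS)}
    profile = envelope("Configuration", "sso", "SSO Extension (example)")
    profile["PayloadContent"] = [sso]
    return plistlib.dumps(profile)


def audit_profile(data):
    """Return a list of findings; an empty list means the profile matches."""
    payloads = [p for p in plistlib.loads(data).get("PayloadContent", [])
                if p.get("PayloadType") == SSO_PAYLOAD_TYPE]
    findings = [] if payloads else ["no com.apple.extensiblesso payload found"]
    for p in payloads:
        for key, want in EXPECTED.items():
            if p.get(key) != want:
                findings.append(f"{key}: expected {want!r}, found {p.get(key)!r}")
        urls = p.get("URLs", [])
        for url in urls:
            if urlsplit(url).scheme != "https":
                findings.append(f"URL is not https: {url}")
        findings += [f"URL not in the article's list: {u}" for u in sorted(set(urls) - set(SSO_URLS))]
        findings += [f"URL missing from profile: {u}" for u in sorted(set(SSO_URLS) - set(urls))]
    return findings


if __name__ == "__main__":
    print(audit_profile(build_profile()) or "profile matches the article's settings")
```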
Workflow
- Configure Addigy Identity in a policy
- Configure Single Sign-On Extensions MDM Profile via Addigy Catalog
- Upload the Company Portal App as a Smart Software item
- Add the MDM Profile and Smart Software to a policy
After the policy is deployed, users will be able to authenticate into their devices with their IdP credentials, using Addigy Identity. After signing into a Microsoft service via SSO, users will also be authenticated into their other Microsoft services.