This guide walks the user through configuring SSO Authentication with Microsoft Entra ID. Learn more in the article Automated Device Enrollment Settings.
-
In Addigy, go to the Automated Device Enrollment Settings in the desired policy, then go to End-User Setup Assistant Experience > Authentication Type and choose SSO Enrollment from the drop-down
-
In Microsoft Entra ID go to Enterprise Application and choose New Application
-
In the Browse Microsoft Entra Gallery, choose Create your own application in the upper left-hand corner
-
Name the application and select the radio button to integrate any other application(s) you don’t see in the gallery (i.e. non-gallery items):
-
Once you are at the application overview page, go to the left and click Single Sign-on, and choose SAML from the options:
-
Click Edit next to the Basic SAML Configuration and copy the provided values from the Addigy console into the corresponding fields in the Basic SAML Configuration:
a. Entity ID in Addigy corresponds with the Identifier (Entity ID) in Microsoft Entra ID
b. ACS URL in Addigy corresponds with the Reply URL (Assertion Consumer Service URL)
-
Next to Attributes and Claims, click Edit and delete all the existing claims except for the required Unique User Identifier (Name ID)
-
Add a new claim - set the name to email and the source to attribute, and the source attribute as “user.userprincipalname” (minus quotations):
-
Continue adding claims, and set lastName, firstName, and email. It should look like the image below. Save these claims
-
Under the SAML Certificate - download the Certificate (Base64):
-
Upload that .cer file to the Addigy Console in the ADE Settings by clicking Upload Certificate:
-
Copy the Login URL from the Set up “App Name” section in Microsoft Entra ID and paste it into the Single Sign On URL field in the ADE Settings in the Addigy Console. Copy the Microsoft Entra Identifier and paste it in the Issuer Entity ID field in Addigy:
-
Assign the appropriate users and groups to the Application in Microsoft Entra ID. Only the users assigned to this application will be able to authenticate and enroll devices into your Addigy Environment.
-
Save the Automated Device Enrollment Configuration and enroll your devices.
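
Before enrolling production devices, a decoded assertion from a test sign-in can be checked against the values configured above. The following is an added example, not Addigy or Microsoft code: it confirms that the issuer, audience, Name ID and the email, firstName and lastName claims are present. The issuer and audience strings and the sample assertion are constructed placeholders, and the check does not verify the XML signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED_CLAIMS = ("email", "firstName", "lastName")  # claim names from the steps above

def check_assertion(xml_text, expected_issuer, expected_audience):
    """List configuration problems in a decoded SAML assertion.
    Configuration check only: it does not verify the XML signature."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return ["DTD or entity declaration present; refusing to parse"]
    root = ET.fromstring(xml_text)
    problems = []
    issuer = (root.findtext("saml:Issuer", "", NS) or "").strip()
    if issuer != expected_issuer:
        problems.append(f"issuer mismatch: {issuer!r}")
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if expected_audience not in audiences:
        problems.append(f"audience mismatch: {audiences!r}")
    if not (root.findtext("saml:Subject/saml:NameID", "", NS) or "").strip():
        problems.append("missing NameID")
    claims = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        values = [v.text.strip() for v in attr.iterfind("saml:AttributeValue", NS) if v.text]
        claims[attr.get("Name")] = [v for v in values if v]
    for name in REQUIRED_CLAIMS:
        if not claims.get(name):
            problems.append(f"missing or empty claim: {name}")
    return problems

def sample_assertion(issuer, audience, claims):
    """Build a constructed, unsigned assertion for exercising the check."""
    attrs = "".join(
        f'<saml:Attribute Name="{k}"><saml:AttributeValue>{v}</saml:AttributeValue></saml:Attribute>'
        for k, v in claims.items())
    return (f'<saml:Assertion xmlns:saml="{NS["saml"]}"><saml:Issuer>{issuer}</saml:Issuer>'
            f'<saml:Subject><saml:NameID>jane@example.com</saml:NameID></saml:Subject>'
            f'<saml:Conditions><saml:AudienceRestriction><saml:Audience>{audience}'
            f'</saml:Audience></saml:AudienceRestriction></saml:Conditions>'
            f'<saml:AttributeStatement>{attrs}</saml:AttributeStatement></saml:Assertion>')

# Placeholders: substitute the Microsoft Entra Identifier and the Addigy Entity ID.
ISSUER = "https://idp.example/entra-identifier-placeholder"
AUDIENCE = "https://sp.example/addigy-entity-id-placeholder"

if __name__ == "__main__":
    good = sample_assertion(ISSUER, AUDIENCE, {"email": "jane@example.com", "firstName": "Jane", "lastName": "Doe"})
    bad = sample_assertion(ISSUER, "https://sp.example/other", {"email": "jane@example.com", "firstName": "Jane"})
    print(check_assertion(good, ISSUER, AUDIENCE))
    print(check_assertion(bad, ISSUER, AUDIENCE))
```

An empty list means the assertion carries everything the Addigy settings above expect; each string in a non-empty list names the setting to revisit in Microsoft Entra ID.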