Configuring Addigy Identity with Entra enables end users to log into their macOS devices using their Entra credentials. For more details on Addigy Identity, visit our Addigy Identity Overview article.
Note: Identity currently supports Microsoft Entra cloud-only implementations and select Hybrid configurations, including Hybrid identity with Password Hash Synchronization (PHS) or Pass-Through Authentication (PTA). Microsoft Entra Federation Services (formerly ADFS) is not supported. For more details on supported Hybrid identity configurations, please review the documentation.
Enabling Addigy Identity
To enable Addigy Identity, navigate to Account > Integrations > Addigy Add-ons. Click on Addigy Identity and toggle on the 'Enabled' switch at the top right. Once enabled, you will see a green outline and a green checkmark appear as shown in the screenshot below:
Select Entra as your identity provider within a policy
- After Addigy Identity is enabled, navigate to Policies > Integrations & Settings > Identity.
- Select Microsoft Entra (Microsoft Azure Active Directory) from the identity provider dropdown.
- Once selected, the Tenant ID, Client ID, and Client Secret fields will appear. Proceed to the next step to continue configuring Addigy Identity.
Note: The Client Secret is required only if your Microsoft Entra application is registered as "Web."
Register an application within your Microsoft Entra Instance
Note: This application requires user.read permissions for Addigy Identity to work properly.
- Navigate to the Microsoft Entra portal homepage.
- Select App Registrations.
- Select New Registration, which is located on the top left of the screen.
- Select a name for the app registration.
- Select a Supported account types option that best suits your organization.
- Select either Web (required to use MFA) or Public Client/Native and add the following Redirect URI: https://login.microsoftonline.com/common/oauth2/nativeclient
- Select Register.
- Once the registration is complete, you'll be redirected to that application's home page, where you can see the Client ID and Tenant ID. Take note of these IDs as they will be needed later.
- Next, select API Permissions from the left navigation. Select Grant admin consent for [exampledomain].ad.
- If you are using "Web" for the application you registered, generate a client secret in the Certificates & Secrets section. Take note of the expiration date as it will have to be renewed. A client secret should not be used if using "Public client/native".
Note: The client secret VALUE must be used for the client secret, not the Secret ID.
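The rules above can be checked before the values are entered into the policy. The following is an added example, not Addigy or Microsoft code: the function name, the "web"/"public" labels and the sample values are hypothetical, and it assumes the Tenant ID, Client ID and Secret ID are GUID-formatted as the Entra portal displays them.

```python
import re
from datetime import date

# Tenant ID, Client ID and Secret ID are GUIDs; the secret Value is not.
GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")

def check_identity_config(tenant_id, client_id, platform, client_secret="",
                          secret_expires=None, today=None, warn_days=30):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    today = today or date.today()
    if not GUID.match(tenant_id.strip()):
        problems.append("Tenant ID is not a GUID")
    if not GUID.match(client_id.strip()):
        problems.append("Client ID is not a GUID")
    secret = client_secret.strip()
    if platform == "web":            # hypothetical label for a "Web" registration
        if not secret:
            problems.append("Web registration requires a client secret")
        elif GUID.match(secret):
            problems.append("Client secret looks like the Secret ID; use the Value")
        if secret_expires is not None:
            days_left = (secret_expires - today).days
            if days_left < 0:
                problems.append("Client secret has expired")
            elif days_left <= warn_days:
                problems.append(f"Client secret expires in {days_left} days")
    elif platform == "public":       # hypothetical label for "Public client/native"
        if secret:
            problems.append("Public client/native must not use a client secret")
    else:
        problems.append(f"Unknown platform type: {platform!r}")
    return problems

if __name__ == "__main__":
    # Constructed sample values, not real identifiers or secrets.
    tenant = "11111111-2222-3333-4444-555555555555"
    client = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
    pasted_secret_id = "99999999-8888-7777-6666-555555555555"
    for issue in check_identity_config(tenant, client, "web", pasted_secret_id,
                                       secret_expires=date(2025, 1, 11),
                                       today=date(2025, 1, 1)):
        print("WARN:", issue)
```
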
Finalize Addigy Identity configuration
Enter the Tenant ID, Client ID, and Client Secret (if the Entra application is registered as "Web") as shown in the screenshot below:
Customize Addigy Identity
You can customize Addigy Identity by enabling or disabling these settings:
Visit our Addigy Identity Overview article to see how each setting will impact the end user.
Collect User Attribute Data
You can Collect User Attribute Data by enabling this setting:
To configure User Attributes visit our Addigy Identity User Attributes for Entra article.
Login Window Theme
You can customize the Login Window Theme by uploading a background image and logo:
Scroll to the bottom of the page and click Save Changes.
Once the changes are saved and the policy deploys, Addigy Identity will install on end users' devices. After rebooting their device, the end user will be able to seamlessly authenticate with their organizational email and password. Visit our Addigy Identity End User Experience article to see how Addigy Identity appears and functions on your end users' devices.
Branding The Sign-In Page
Microsoft allows you to customize the sign-in form's logo and colors to match your organization's branding. Visit Microsoft's article on Branding your Entra sign-in page for more details. Any changes made in your Microsoft Entra settings will also be reflected in the Identity sign-in web view.