Configuring Addigy Identity to use Azure AD allows your end-users to log into their macOS devices with the same email and password they have been issued in Azure AD. It also ensures that all users follow your password policies and that their passwords stay synced between the Identity Provider and the local macOS account.
Note: At this time, Addigy Identity is fully supported on Azure cloud-only implementations and a subset of Azure AD Hybrid configurations. Azure AD Hybrid Identity with Password Hash Synchronization (PHS) or Pass-Through Authentication (PTA) is supported at this time. Azure AD Federation Services (AD FS) is not supported. For more information on the different Hybrid Identity configurations supported in Azure AD, please review What is hybrid identity with Azure Active Directory?
1. Enabling Addigy Identity:
Enabling Addigy Identity is simple; we've provided a separate knowledge base article on enabling Addigy Identity.
Once it is enabled, continue to step 2.
2. Select Azure as your Identity Provider within the policy settings
Now that we have Addigy Identity enabled, we can configure the individual policy settings by:
- Navigating to the Policies page.
- Clicking your preferred policy.
- Selecting Integrations from the policy subheadings.
- Selecting Addigy Identity from the options on the right-hand side.
- Selecting Azure from the Identity Provider dropdown.
Once Azure has been selected, three more fields appear: Tenant ID, Client ID, and Client Secret. Step 3 explains how to generate these values.
3. Register an Application under your Azure Active Directory Instance
This part of the setup takes place within the Azure portal. From the Azure portal home page:
- Select Azure Active Directory from the navigation on the left-hand side.
- In the Azure Active Directory pane, select App registrations from the secondary navigation on the left-hand side.
- Select New registration, located at the top left of the screen.
- You'll see a form with the following fields: Name, Supported account types, and Redirect URI.
- Name: Any name works; we recommend something that will remind you this app is for Addigy Identity.
- Supported account types: Any option will work; pick whichever suits your organization best.
- Redirect URI: Select Web from the dropdown, then enter the following URI: https://login.microsoftonline.com/common/oauth2/nativeclient
- Once the registration is complete, you'll be redirected to that application's overview page, where the Client ID and Tenant ID are shown. Take note of both IDs, as we will need them later.
- Next, select API permissions from the left navigation and select Grant admin consent for "EXAMPLEDOMAIN.ad" (in the example, the domain is addigy.ad).
- Lastly, generate a Client Secret in the Certificates & secrets section. Take note of the expiration date, as the secret will have to be renewed before then and re-entered in the Addigy policy.
Note: The secret's VALUE must be used for the client secret, not the Secret ID. The value is only displayed once, immediately after the secret is created, so copy it at that point.
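As an added example (not Addigy's or Microsoft's own tooling), the following POSIX shell script reproduces the portal steps of section 3 with the Azure CLI and sanity-checks the three values before they are pasted into the Addigy Identity policy. The validation catches the mistake called out in the note above: a Secret ID is a GUID, a secret Value is not, so a GUID in the secret field is a sign the wrong string was copied. It assumes `az login` has already been run as a user allowed to register applications and grant admin consent; the display name and the single-tenant sign-in audience (`AzureADMyOrg`) are placeholder choices, since the article says any account type works.

```shell
#!/bin/sh
# Added example: Azure CLI equivalent of the "Register an Application" steps,
# plus input validation for the values the Addigy Identity policy needs.
# Assumptions: `az login` already done; display name and sign-in audience
# are placeholders. The redirect URI is the one given in the article.

REDIRECT_URI="https://login.microsoftonline.com/common/oauth2/nativeclient"

# Azure AD tenant IDs, application (client) IDs and secret IDs are all GUIDs.
is_guid() {
    printf '%s' "$1" | grep -Eqi \
        '^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$'
}

# Validate Tenant ID, Client ID and Client Secret before saving the policy.
# Returns 0 when all three look right, 1 otherwise (reasons go to stderr).
check_identity_inputs() {
    tenant="$1"; client="$2"; secret="$3"
    ok=0
    is_guid "$tenant" || { echo "Tenant ID is not a GUID: $tenant" >&2; ok=1; }
    is_guid "$client" || { echo "Client ID is not a GUID: $client" >&2; ok=1; }
    [ -n "$secret" ]  || { echo "Client secret is empty" >&2; ok=1; }
    if is_guid "$secret"; then
        # A GUID here is almost certainly the Secret ID column, not the Value.
        echo "Client secret looks like a Secret ID; paste the secret's Value instead" >&2
        ok=1
    fi
    return "$ok"
}

# Register the application, grant admin consent and mint a client secret.
# Prints the three values the Addigy policy needs, one per line.
register_addigy_app() {
    name="${1:-Addigy Identity}"          # assumed display name
    tenant_id=$(az account show --query tenantId -o tsv)
    app_id=$(az ad app create \
        --display-name "$name" \
        --sign-in-audience AzureADMyOrg \
        --web-redirect-uris "$REDIRECT_URI" \
        --query appId -o tsv)
    # Consents to whatever API permissions the registration lists; the
    # article does not name specific permissions, so none are added here.
    az ad app permission admin-consent --id "$app_id"
    # Creates a secret valid for one year and prints its Value (shown only
    # now). Use --append on an existing app to keep older secrets.
    secret=$(az ad app credential reset --id "$app_id" --years 1 \
        --query password -o tsv)
    check_identity_inputs "$tenant_id" "$app_id" "$secret" || return 1
    printf 'Tenant ID:     %s\nClient ID:     %s\nClient Secret: %s\n' \
        "$tenant_id" "$app_id" "$secret"
}

# Only talk to Azure when explicitly asked: `sh addigy-app.sh register [name]`.
if [ "${1:-}" = "register" ]; then
    register_addigy_app "${2:-}"
fi
```

Run `sh addigy-app.sh register "Addigy Identity"` to perform the registration; run `check_identity_inputs` on its own (for example by sourcing the file) to re-check values copied from the portal. Note the expiry chosen with `--years`: the secret must be regenerated and re-entered in the Addigy policy before that date.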
4. Populate Application settings under Addigy Identity policy settings
Now that we have our Tenant ID, Client ID, and Client Secret, we are ready to enter the Azure information into the Addigy Identity policy settings.
Navigate back to the Addigy Console and finish where we left off in step 2:
- Add the Tenant ID, Client ID, and Client Secret.
- Configure any additional settings, such as Background and Logo.
- Save, and you are all done!
Now that your Addigy Identity is tied to your Azure Active Directory, your users will be able to seamlessly authenticate with the same email and password they are accustomed to using within their organization.