Configuring Identity with Entra ID (formerly Azure Active Directory) enables end users to log into macOS devices using their Azure credentials. For more details on Addigy Identity and its benefits, refer to our general overview article:
Note: Identity currently supports Microsoft Entra ID (formerly Azure Active Directory) cloud-only implementations and select Hybrid configurations, including Hybrid identity with Password Hash Synchronization (PHS) or Pass-Through Authentication (PTA). Microsoft Entra ID Federation Services (formerly ADFS) is not supported. For more details on supported Hybrid identity configurations, please review the documentation.
- What Is Hybrid Identity With Microsoft Entra ID?
- Addigy Identity using Azure supports collection of Device user attributes into Addigy Facts.
Enabling Addigy Identity
Enabling Addigy Identity is easy. See our knowledge base article for guidance:
Select Azure as your identity provider within the policy settings
With Identity enabled, configure the policy settings by following these steps:
- Navigate to Policies > Settings > Identity.
- Select Azure from the identity provider dropdown.
After selecting Entra ID (formerly Azure Active Directory), the Tenant ID, Client ID, and Client Secret fields will appear. Proceed to step 3 to generate this information.
Note: The Client Secret is required only if your Microsoft Entra ID (formerly Azure Active Directory) application is registered as "Web."
Register an application under your Microsoft Entra Instance
Note: This application requires the User.Read permission for Addigy Identity to work properly.
- Navigate to the Microsoft Entra Portal Homepage.
- Select App Registrations.
- Select New Registration, which is located on the top left of the screen.
- Select a Name for the app registration.
- Select a Supported Account Types option that best suits your organization.
- Select either Web (required to use MFA) or Public Client/Native and add the following Redirect URI: https://login.microsoftonline.com/common/oauth2/nativeclient
- Select Register.
- Once registration is complete, you'll be redirected to the application's home page, where the Client ID and Tenant ID are shown. Take note of both IDs, as they will be needed later.
- Next, select API Permissions from the left navigation. Select Grant admin consent for [exampledomain].ad.
- If you are using "Web" for the application you registered, generate a client secret in the Certificates & Secrets section. Take note of the expiration date as it will have to be renewed.
Do not generate a client secret if the application is registered as "Public client/native". Note: Enter the Client Secret Value, not the Secret ID, in the client secret field.
Populate Application settings under Identity policy settings
Now that you have the Tenant ID, Client ID, and Client Secret, follow these steps in the Addigy console:
- Enter the Tenant ID, Client ID, and Client Secret (if the Entra application is registered as "Web").
- Configure additional settings like background and logo.
- Save your changes.
Once Identity is linked to Microsoft Entra ID (formerly Azure Active Directory), users can seamlessly authenticate with their organizational email and password.
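The registration steps above give several settings that are easy to get wrong (the redirect URI, the User.Read permission, a secret on a public client, and a secret that quietly expires). The following check, added here as an example and not part of Addigy's or Microsoft's tooling, reads an app registration in the Microsoft Graph application-object shape (as returned by `az ad app show`) and reports those problems; the sample manifest is constructed, and the GUIDs for Microsoft Graph and its delegated User.Read permission are the well-known ones.

```python
"""Sanity-check an Entra app registration used for Addigy Identity (added example)."""
import json
from datetime import datetime, timedelta

# Values the article requires for the registration.
REQUIRED_REDIRECT = "https://login.microsoftonline.com/common/oauth2/nativeclient"
GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"  # Microsoft Graph resource id
USER_READ_ID = "e1fe6dd8-ba31-4d61-89e7-88639da4683d"  # delegated User.Read permission id


def _parse(ts: str) -> datetime:
    """Parse an ISO-8601 timestamp; Graph emits a trailing 'Z' for UTC."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def check_registration(app: dict, now_iso: str, warn_days: int = 30) -> list:
    """Return findings for the manifest; an empty list means it matches the article."""
    now = _parse(now_iso)
    findings = []
    web_uris = app.get("web", {}).get("redirectUris", [])
    public_uris = app.get("publicClient", {}).get("redirectUris", [])
    is_web = bool(web_uris)  # "Web" registrations are the ones that need a client secret
    if REQUIRED_REDIRECT not in web_uris + public_uris:
        findings.append(f"missing redirect URI {REQUIRED_REDIRECT}")
    has_user_read = any(
        r.get("resourceAppId") == GRAPH_APP_ID
        and any(a.get("id") == USER_READ_ID and a.get("type") == "Scope"
                for a in r.get("resourceAccess", []))
        for r in app.get("requiredResourceAccess", []))
    if not has_user_read:
        findings.append("Microsoft Graph User.Read delegated permission not requested")
    secrets = app.get("passwordCredentials", [])
    if is_web and not secrets:
        findings.append("Web registration has no client secret")
    if not is_web and secrets:
        findings.append("Public client/native registration should not carry a client secret")
    for s in secrets:  # secrets expire; the Identity policy must be updated when they are renewed
        end = _parse(s["endDateTime"])
        if end <= now:
            findings.append(f"client secret '{s.get('displayName')}' expired on {end.date()}")
        elif end - now <= timedelta(days=warn_days):
            findings.append(f"client secret '{s.get('displayName')}' expires on {end.date()}; "
                            "renew and update the Identity policy")
    return findings


# Constructed sample manifest for a "Web" registration; not a real tenant or app.
SAMPLE_APP = json.loads("""{
  "web": {"redirectUris": ["https://login.microsoftonline.com/common/oauth2/nativeclient"]},
  "publicClient": {"redirectUris": []},
  "requiredResourceAccess": [{"resourceAppId": "00000003-0000-0000-c000-000000000000",
    "resourceAccess": [{"id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d", "type": "Scope"}]}],
  "passwordCredentials": [{"displayName": "addigy-identity", "endDateTime": "2025-01-15T00:00:00Z"}]
}""")

if __name__ == "__main__":
    for finding in check_registration(SAMPLE_APP, "2025-01-01T00:00:00Z"):
        print("WARN:", finding)
```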
Additional Information
Branding The Sign-In Page
Microsoft allows you to customize the sign-in form's logo and colors to match your organization's branding. Any changes made in your Microsoft Entra ID (formerly Azure Active Directory) settings will also be reflected in the Identity sign-in form.
Duo's Two-Factor Authentication with Microsoft Entra ID
Addigy Identity v2.13.5 now supports integrating Duo's two-factor authentication with Microsoft Entra ID (formerly Azure Active Directory) Conditional Access policies. This integration adds an extra layer of security to Azure logins, along with the convenience of Duo Universal Prompt.
To learn more about this feature, see Duo's documentation for Two-Factor Authentication for Microsoft Entra ID (https://duo.com/docs/azure-ca#about-azure-conditional-access), which covers setting up, configuring, and using the service.