Configuring Addigy Identity to use Azure AD allows your end users to log into their macOS devices using the same email and password they have been provided via AD. It also ensures that all users follow your password policies and that their passwords stay synced across the Identity Provider and the local system.


Overview of Configuration Steps:

  1. Enable Addigy Identity (within Addigy)
  2. Select Azure as your Identity Provider within the policy settings (within Addigy)
  3. Register an Application under your Azure Active Directory instance (within Azure)
  4. Populate Application settings under Addigy Identity policy settings (within Addigy)



1. Enabling Addigy Identity:


Enabling Addigy Identity is simple. We've provided a knowledge base article on enabling Addigy Identity here:

https://support.addigy.com/a/solutions/articles/8000078530-how-to-enable-addigy-identity


Once enabled, continue to step 2.


2. Select Azure as your Identity Provider within the policy settings


Now that we have Addigy Identity enabled, we can configure the individual policy settings by:

  • Navigating to the Policies page.
  • Clicking your preferred policy.
  • Selecting Integrations from the policy subheadings.
  • Selecting Addigy Identity from the options on the right-hand side.
  • Selecting Azure from the Identity Provider dropdown.

Once Azure has been selected, a few more fields appear: Tenant ID, Client ID, and Client Secret. Let's move to step 3 to find out how to generate this information.



3. Register an Application under your Azure Active Directory Instance


This part of the setup takes place within the Azure portal. When we arrive at the Azure Portal Homepage:

  • Select Azure Active Directory from the navigation on the left-hand side.
  • Now that we are within our Active Directory pane, select App Registrations from the secondary navigation on the left-hand side.
  • Now select New Registration, which is located at the top left of the screen.
  • You'll see a form with the following fields: Name, Supported Account Types, and Redirect URI.
    • Name: Any name works. We recommend something that will help you remember this App is for Addigy Identity.
    • Supported Account Types: Any option will work. Pick whichever suits your organization best.
    • Redirect URI: We require that you pass the following URL: https://login.microsoftonline.com/common/oauth2/nativeclient
  • Once the Application is complete, you'll be redirected to that Application's home page. You'll be able to see the Client ID and Tenant ID on this page. Take note of those IDs, as we will need them later.
  • From here, select Certificate and Secrets.
    • Then select New Client Secret. You'll be presented with a form asking for a description and expiration period.
      • Description: Something that will remind you that this secret is tied to Addigy Identity.
      • Expiration: Select an expiration date that works with your company's security posture.
  • Once created, make sure you save your client secret, as you will not be able to view it in full after refreshing the page.


4. Populate Application settings under Addigy Identity policy settings 

Now that we have our Tenant ID, Client ID, and Client Secret we are ready to populate the Azure information over into the Addigy Identity Policy Settings.


Let's navigate back to the Addigy console and finish where we left off in step 2:

  1. Add in the Tenant ID, Client ID, and Client Secret.
  2. Configure any additional settings such as BG and Logo.
  3. Save and you are all done!



Now that your Addigy Identity is tied to your Azure Active Directory, your users will be able to seamlessly authenticate with the same email and password they are accustomed to using within their organization.
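
Azure AD stops accepting the client secret from step 3 once the expiration date you selected has passed, so it is worth tracking which secret the Addigy policy holds and when it expires. The following is an added example (not Addigy's or Microsoft's code) that reports expired and soon-to-expire secrets from the app registration's secret list. It assumes that list is JSON in the shape of Microsoft Graph's passwordCredentials array (for instance saved from `az ad app credential list --id <Client ID>`); the sample data, function names and 30-day warning window are assumptions.

```python
import json
from datetime import datetime, timezone

# Constructed sample shaped like the passwordCredentials array of a Microsoft
# Graph application object. Every value below is made up.
SAMPLE = json.loads("""[
  {"displayName": "Addigy Identity", "hint": "aB3",
   "endDateTime": "2025-03-01T00:00:00Z"},
  {"displayName": "Addigy Identity (rotated)", "hint": "x9Q",
   "endDateTime": "2025-04-10T12:30:00.1234567Z"},
  {"displayName": null, "hint": "zz1",
   "endDateTime": "2026-06-01T00:00:00Z"}
]""")


def parse_graph_time(value):
    # Graph timestamps are UTC; drop fractional seconds and the trailing "Z".
    parsed = datetime.strptime(value[:19], "%Y-%m-%dT%H:%M:%S")
    return parsed.replace(tzinfo=timezone.utc)


def secret_report(credentials, now, warn_days=30):
    """Return one row per client secret, soonest expiry first."""
    rows = []
    for cred in credentials:
        days_left = (parse_graph_time(cred["endDateTime"]) - now).days
        if days_left < 0:
            status = "expired"
        elif days_left <= warn_days:
            status = "expiring"
        else:
            status = "ok"
        rows.append({"name": cred.get("displayName") or "(no description)",
                     "hint": cred.get("hint"),
                     "days_left": days_left, "status": status})
    return sorted(rows, key=lambda row: row["days_left"])


def status_for_hint(credentials, hint, now, warn_days=30):
    """Status of the secret starting with `hint` (the one saved in Addigy)."""
    for row in secret_report(credentials, now, warn_days):
        if row["hint"] == hint:
            return row["status"]
    return "missing"  # no such secret on the app registration any more


if __name__ == "__main__":
    for row in secret_report(SAMPLE, datetime.now(timezone.utc)):
        print(row["status"], row["days_left"], row["hint"], row["name"])
```

The `hint` field holds the first three characters of each secret, which lets you match the entry against the secret you saved for the Addigy policy without storing the full value anywhere else.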