Connect Ivanti Neurons for MDM with Azure Active Directory User Source

To work with Azure Active Directory (AAD), you must configure Ivanti Neurons for MDM with details about your Microsoft AAD account. You need an existing, configured Microsoft AAD account. This solution requires no on-premises connector or LDAP.

This section contains the following topics:

  • Use cases
  • Using Azure Active Directory
  • Azure Active Directory Settings

Use cases

You can connect Ivanti Neurons for MDM with AAD for one of the following use cases:

  • Work with Microsoft Office 365
  • Set up Microsoft AAD, Microsoft ADFS, or another SAML 2.0 Identity Provider (IdP) for user authentication
  • Set up Microsoft AAD as your user source
  • Sync users from Microsoft AAD and get started. All users and groups in your AAD domain are synced to your Ivanti Neurons for MDM instance.

    A notification is displayed on the Notifications page if the AAD sync fails for one of the following reasons:

    • The AAD service is unreachable
    • None of the user attributes are synchronized with AAD
    • Only some of the user attributes are synchronized with AAD

Note the following limitations:

  • Environments with multiple IdPs are currently not supported.

  • If you are not using Microsoft AAD as your user source, you can use Local Accounts or source users from LDAP. This requires setting up an Ivanti Neurons for MDM connector to access LDAP resources on-premises.

  • Using Microsoft AAD only for user authentication while using an on-premises LDAP as the user directory is currently not supported.

Using Azure Active Directory

To use AAD, set up your Identity Provider for user authentication using one of the following methods:

  • To use Microsoft AAD for both user source and user authentication, set up AAD as your IdP. Go to Admin > Identity > Ivanti Neurons for MDM IdP Setup and select AAD from the menu.
  • To use Microsoft AAD as your user source and ADFS for user authentication, set up ADFS as your IdP. Go to Admin > Identity > On-Prem IdP Setup and select ADFS from the menu.
  • To use a SAML 2.0 IdP other than AAD or ADFS for user authentication, go to Admin > Identity > Generic IdP Setup and follow the instructions on the page.

For more information, see Configure Identity Provider.

Azure Active Directory Settings

This topic helps you configure the Azure Active Directory settings.

Procedure

  1. Go to Admin > Microsoft Azure > AAD User Source.

  2. Specify the following details:
    1. AAD Name.
    2. Sync Interval - Modify the frequency at which Ivanti Neurons for MDM synchronizes user data from your AAD.
    3. Enable this AAD - Use this option to enable or disable the AAD instance.
    4. Select Automatically invite users imported from AAD - Manage whether users imported from AAD into Ivanti Neurons for MDM are automatically invited by email to register.
    5. Select Managed Apple ID - Choose whether to sync a Managed Apple ID for the AAD users:
      • None
      • Pattern - choose one of:
        • User email address
        • userUPN
        • (Optional) select the Include "appleid" subdomain option to avoid conflicts with existing Apple IDs.
    6. (Optional) Click Add Custom Attribute - Specify custom user attributes from your directory service that you want to apply to device management. Each attribute can then be referenced as ${attributeName} in configuration fields that support variables. This option requires consistent implementation of the custom attributes across all AAD servers: if an AAD server included in your implementation does not provide the attribute, features that depend on it might not work as expected.
  3. Click Save after modifying the AAD settings.
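The Managed Apple ID pattern (step 2.5) and the ${attributeName} substitution with its warning about inconsistent custom attributes (step 2.6) are easier to reason about in code. The following Python is an added example written for this page, not Ivanti's own implementation: it assumes the "appleid" subdomain option prefixes the domain part of the address with "appleid." (so alice@example.com becomes alice@appleid.example.com), uses constructed sample user records, and adds a coverage check that flags users whose directory did not supply a custom attribute before any configuration that depends on it is pushed.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample records, shaped like users a directory sync might return.
# "dept" is a custom attribute; the second user's directory did not supply it,
# which is exactly the inconsistency the documentation warns about.
SAMPLE_USERS: List[Dict[str, str]] = [
    {"email": "alice@example.com", "userUPN": "alice@corp.example.com", "dept": "Finance"},
    {"email": "bob@example.com", "userUPN": "bob@corp.example.com"},
]

# The two pattern choices offered on the settings page.
PATTERNS = ("email", "userUPN")


def managed_apple_id(user: Dict[str, str], pattern: str,
                     include_appleid_subdomain: bool = False) -> str:
    """Derive a Managed Apple ID from the chosen source attribute.

    Assumption (not stated on the page): the "appleid" subdomain option
    inserts "appleid." in front of the domain, keeping the local part.
    """
    if pattern not in PATTERNS:
        raise ValueError(f"pattern must be one of {PATTERNS}, got {pattern!r}")
    local, sep, domain = user[pattern].partition("@")
    if not sep:
        raise ValueError(f"{user[pattern]!r} is not an address")
    if include_appleid_subdomain:
        domain = "appleid." + domain
    return f"{local}@{domain}"


# Matches ${attributeName} placeholders in configuration fields.
PLACEHOLDER = re.compile(r"\$\{([A-Za-z0-9_]+)\}")


def resolve_variables(template: str, user: Dict[str, str]) -> Tuple[str, List[str]]:
    """Substitute ${attr} placeholders from a user record.

    Returns the resolved text plus the names of placeholders that could not be
    resolved; an unresolved placeholder is left in place so the caller can see it.
    """
    missing: List[str] = []

    def substitute(match: "re.Match[str]") -> str:
        name = match.group(1)
        if name in user:
            return user[name]
        missing.append(name)
        return match.group(0)

    return PLACEHOLDER.sub(substitute, template), missing


def check_attribute_coverage(users: List[Dict[str, str]], attribute: str) -> List[str]:
    """Return the email of every user whose record lacks the custom attribute.

    Run this before relying on ${attribute} in a configuration: a non-empty
    result means some AAD source is not providing the attribute consistently.
    """
    return [u["email"] for u in users if attribute not in u]


if __name__ == "__main__":
    for user in SAMPLE_USERS:
        print(managed_apple_id(user, "email", include_appleid_subdomain=True))
        text, unresolved = resolve_variables("Department: ${dept}", user)
        print(text, "(unresolved: %s)" % unresolved if unresolved else "")
    print("users missing 'dept':", check_attribute_coverage(SAMPLE_USERS, "dept"))
```

Leaving an unresolved placeholder in the output rather than replacing it with an empty string makes the failure visible in the pushed configuration, and the coverage check lets an administrator find the inconsistent directory before the dependent feature silently misbehaves.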