Meraki

Community

ADE & Azure AD User authentication

Solved
beks88_
Here to help
‎Nov 3 2023 4:26 AM
‎Nov 3 2023 4:26 AM

ADE & Azure AD User authentication

Hi all,

 

is it now possible to use Azure AD for user authentication on SM?

 

The initial document still says, it's not supported (Feb 2023)

https://documentation.meraki.com/SM/Device_Enrollment/SM_Enrollment_Authentication

 

Another document (under User management) let us assume it is indeed supported (Jun 2022)

https://documentation.meraki.com/SM/Deployment_Guides/Apple_User_Enrollment_Deployment_Guide

 

In this thread this part got also a bit discussed and at this time the first document was older than the second one.

https://community.meraki.com/t5/Mobile-Device-Management/Smartphone-enrolment-Apple/m-p/160251#M9599

 

What is now accurate?

Systems Manager enthusiast
Labels:
1 Accepted Solution
PaulF
Meraki Employee
Meraki Employee
‎Nov 3 2023 9:08 AM
‎Nov 3 2023 9:08 AM

The way to achieve this is to use, one creating a NEW ADE profile, is to use the Enrollment Redirect URL

Screenshot 2023-11-03 at 16.02.51.png

 

If you've got Enrollment Auth turned on and Azure Configured, then you'll get this as an option

 

Screenshot 2023-11-03 at 16.07.32.png

 

Note: I've got OpenID connect with Azure configured, not azure natively, but it does work

View solution in original post

5 Replies 5
ConnorL
Meraki Employee
Meraki Employee
‎Nov 3 2023 6:20 AM
‎Nov 3 2023 6:20 AM

Hey @beks88_ ,

 

During the Apple Automated Device Enrollment set-up process (i.e. when you're first setting up the device), we do not support using Azure AD and instead it'll fall back to using Meraki credentials (SM > Owners). Appreciate the different KBs make this a little confusing so I'll request some clarification is added here. 

 

Cheers,

 

Connor

PaulF
Meraki Employee
Meraki Employee
‎Nov 3 2023 9:08 AM
‎Nov 3 2023 9:08 AM

The way to achieve this is to use, one creating a NEW ADE profile, is to use the Enrollment Redirect URL

Screenshot 2023-11-03 at 16.02.51.png

 

If you've got Enrollment Auth turned on and Azure Configured, then you'll get this as an option

 

Screenshot 2023-11-03 at 16.07.32.png

 

Note: I've got OpenID connect with Azure configured, not azure natively, but it does work

In response to PaulF
beks88_
Here to help
‎Nov 4 2023 3:08 AM
‎Nov 4 2023 3:08 AM

I'll try this, thanks

Systems Manager enthusiast
0 Kudos
In response to PaulF
beks88_
Here to help
‎Nov 7 2023 7:09 AM
‎Nov 7 2023 7:09 AM

This is working fine. The only thing I'm not able to test (since I have no access to customers Azure config) is the question if groups get synced to Meraki.

The log in redirection to Microsoft works fine here. Maybe you could update the docs to match the use case since they are still misleading.

 

One thing to note here; the customer I tested it with has also Android Enterprise (Meraki managed) active.

Systems Manager enthusiast
0 Kudos
In response to beks88_
PaulF
Meraki Employee
Meraki Employee
‎Nov 8 2023 6:50 AM
‎Nov 8 2023 6:50 AM

@beks88_ 

 

We support groups syncing with:

 

  • Azure
  • SAML and
  • AD
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.