We recently set up AD integration on an MX for the purpose of enrolling a user's BYOD Android device. We can make it work, but the issue we run into is this: when we create an Android configuration setting, we can ONLY get it to work if we use the "Owner Email" and "Owner Username" as the values for their respective keys.
The problem with that is that the AD sync process only sets the user name as username@domain.com, which is replicated as the email address. Unfortunately, we use firstname.lastname@domain.com as our email address format. Further, to successfully log in, the user name must be in the format of domain\username, which is not what the AD sync sets as the owner username.
We tried setting the key value type to TXT and using variables of $emailaddress$ and $username$ as the instructions indicated was possible, but either we did it wrong or it just doesn't work as designed.
At this point, we're stuck with having to manually adjust the owner information to get Androids to work. iOS devices do not have this issue, as you can set the domain information in the Apple mail settings profile.
Any ideas/guidance would be appreciated.
I don't understand what the MX has to do with this process.
The MDM uses whatever Entra ID wants to use for a username. I don't understand why you couldn't use firstname.lastname@domain.com on the Android device.
What login screen is the user trying to log into?
Hold on - I think I am starting to understand. You are actually authenticating directly against AD.
Could you authenticate against Entra ID instead? Do you have Office 365? That is probably an easier way to go.
Thanks for the replies. We're an on-prem Exchange shop at the moment. And the only login option we see when the user launches the Meraki Systems Manager app is username and password.
Have you tested with the Email Domain name (Systems Manager > General > End User authentication settings) to manipulate the domain (i.e., getting the username from AD and then adding acme.com to the end)?
That is exactly how we have it configured. Unfortunately, it sets the email address as username@hattiesburgclinic.com and the username is set to username@hattiesburgclinic.com. Our email address is based on firstName.LastName@hattiesburgclinic.com, and for the authentication to work, the username must be formatted as hbclinic\username.
@PaulF If this setup is actually supposed to pull in what we need, then we either have something misconfigured, or something is broken.