ADFS

This strategic approach seamlessly integrates Active Directory Federation Services (ADFS) with the 42Gears UEM Agent, maintaining a strong balance between user convenience and enterprise security.

The integration begins by configuring ADFS as a SAML Identity Provider (IdP) to enable Shared Device Mode. This involves creating a custom Relying Party Trust in ADFS, setting the SAML authentication parameters, and managing user access policies through Active Directory.

The setup then extends into the SureMDM and SureLock applications, creating a unified authentication experience that simplifies access while safeguarding shared device environments.

The integration process consists of three main steps:

  • Configure ADFS for SAML Integration

  • Configure Shared Device Mode in SureMDM

  • Configure SureLock Settings

Step 1: Configure ADFS for SAML Integration

  1. Connect to the ADFS server on the designated Windows machine via Remote Desktop:

    • Press Windows + R → type mstsc → click OK.

    • In the Computer field, enter the Server IP Address and click Connect.

    • Enter your credentials when prompted.

  2. On the ADFS server, open the ADFS Console:

    • Go to Server Manager > Tools > ADFS Management.

  3. Click Relying Party Trust > Add Relying Party Trust.

  4. Navigate to Endpoints and click Add SAML.

    • Choose Binding = POST.

    • Enter the Trusted URL and assign a Unique Index.

      Trusted URL: https://<Account_URL>/sharedsaml?id=<Account_ID>

      Note: In the above example, <Account_URL> and <Account_ID> represent your SureMDM account URL and account ID respectively.

  5. Edit the Claim Issuance Policy:

    • Add a New Claim Rule.

    • Provide a Claim Rule Name, select the Attribute Store, and map the LDAP Attribute.

  6. Navigate back to Server Manager > Active Directory Users and Computers.

    • Create a New User: enter First Name, Full Name, and User Logon Name, and then click Next.

    • Set the Password and click Next.

    • Once created, navigate to All Users → open the new user → confirm the Display Name.

At this stage, ADFS has been successfully configured as the IdP for Shared Device Mode.
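As an added example (not from the 42Gears documentation), the ADFS portion of Step 1 scripted with the ADFS PowerShell module on the ADFS server, so the endpoint binding, index and claim rule can be reviewed and reproduced rather than clicked through. The trust name, the entity identifier, the endpoint index and the LDAP attribute (displayName, chosen because the SureLock profile must match the AD Display Name) are assumptions; <Account_URL> and <Account_ID> must be replaced with the values from your SureMDM account.

```powershell
# Added example, not 42Gears code: scripted equivalent of the ADFS part of Step 1.
param(
    [string]$AccountUrl = "<Account_URL>",                    # SureMDM account URL (replace)
    [string]$AccountId  = "<Account_ID>",                     # SureMDM account ID (replace)
    [string]$TrustName  = "SureMDM Shared Device Mode",       # assumed trust name
    [string]$Identifier = "https://$AccountUrl/sharedsaml"    # assumed relying-party identifier
)
Import-Module ADFS

# Trusted URL from the page, registered as a SAML assertion consumer endpoint
# with POST binding and a unique index (the "Add SAML" step).
$acsUrl   = "https://$AccountUrl/sharedsaml?id=$AccountId"
$endpoint = New-AdfsSamlEndpoint -Binding POST -Protocol SAMLAssertionConsumer `
    -Uri $acsUrl -Index 0

# Claim rule in ADFS claim rule language: query Active Directory for the
# authenticated user's displayName and issue it as the Name claim.
# Assumption: displayName is the LDAP attribute mapped in the claim rule.
$transformRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Map AD displayName to Name claim"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"), query = ";displayName;{0}", param = c.Value);
'@

# Issuance authorization: permit every authenticated AD user. Access policy is
# managed in Active Directory; restrict the condition to a group if only
# specific users should sign in to shared devices.
$authzRules = @'
@RuleTemplate = "AllowAllAuthzRule"
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

Add-AdfsRelyingPartyTrust -Name $TrustName -Identifier $Identifier `
    -SamlEndpoint $endpoint `
    -IssuanceTransformRules $transformRules `
    -IssuanceAuthorizationRules $authzRules

# Check: the trust should expose exactly one POST endpoint at the Trusted URL.
$trust = Get-AdfsRelyingPartyTrust -Name $TrustName
$match = $trust.SamlEndpoints | Where-Object {
    $_.Binding -eq 'POST' -and $_.Location.AbsoluteUri -eq $acsUrl
}
if (-not $match) { throw "Relying Party Trust '$TrustName' has no POST endpoint at $acsUrl" }
```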

Step 2: Configure Shared Device Mode in SureMDM

  1. Log in to the SureMDM Console.

  2. Navigate to Settings > Account Settings > Shared Device Mode.

  3. Choose Authentication Type as SAML Authentication.

  4. Select ADFS as the IdP.

  5. Enter the respective values copied from ADFS and upload the certificate.

  6. Click Apply to save the settings.

Note: Enter the Meta Tag Key that was created while editing the user in Active Directory.

Step 3: Configure SureLock Settings

  1. In the SureMDM Console, go to the Jobs section.

  2. Click New Job > Android > SureLock Settings Job.

  3. Scroll to Shared Device Mode.

    • By default, it is disabled. Enable the checkbox.

  4. Create a Profile in the Profile Management section.

Note: The Profile Name should match the Display Name of the user in Active Directory.

  5. Under User Authentication, click Server Configuration.

  6. Select Use Config from SureMDM Server and click Save.

  7. Push the SureLock Settings Job to the required devices.

On the device:

  • Launch SureLock and tap Launch.

  • Enter the ADFS username and password.

  • The configured profile for the user will load successfully.