Domain Join
The Domain Join payload in SureMDM enables administrators to integrate Linux devices into domain environments using either Google Workspace or Microsoft Entra Domain Services. This feature simplifies domain configuration and device authentication, ensuring centralized control and management of Linux devices.
The Domain Join feature provides administrators with the ability to:
- Connect Linux devices to organizational domains.
- Manage domain configurations for Google Workspace or Microsoft Entra Domain Services.
- Configure binding types (One-to-one or Generic) for Microsoft Entra Domain Services.
Steps to Add Domain Join Configuration
To use the Domain Join feature, administrators need to configure the domain settings in the SureMDM console before creating and applying the profile.
Steps to Add Domain Join Configuration:
Log in to the SureMDM console.
Navigate to Account Settings:
- Click on the Settings icon in the top-right corner of the console.
Select Linux Management under Account Settings.
Go to the Miscellaneous section and click on Domain Join Configuration.
Choose the Server Type:
- Microsoft Entra Domain Services
- Google Workspace
Fill in the required details based on the selected Server Type:
- For Microsoft Entra Domain Services, enter the following details:
  - Server Path: Enter the full path to your LDAP server. This should include the server's address.
  - Secure LDAP external IP Address: Enter the external IP address for the Secure LDAP server.
  - User Name: Enter the username required to authenticate with your LDAP server. This user should have the necessary permissions to access the directory.
  - Password: Enter the password associated with the username. Click the eye icon to reveal or hide the password.
  - Searchbase: Enter the base DN (Distinguished Name) from which the LDAP search will start. This defines the top level of the directory tree to search within.
  Note: Download the .pfx file and upload it to Microsoft Entra Domain Services to complete the configuration. Refer to the Microsoft article for detailed instructions.
- For Google Workspace, enter the following details:
  - Server Path: Enter the full path to your LDAP server. This should include the server's address.
  - Upload .crt file: Upload the certificate file (.crt) for the Google Workspace LDAP server.
  - Upload .key file: Upload the private key file (.key) for the Google Workspace LDAP server.
  Note: Please ensure that the .crt and .key files are correctly uploaded. These are required for authentication with the Google Workspace LDAP server. Refer to this article for detailed instructions.
Save the configuration.
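A pre-upload check for the .crt and .key pair used in the Google Workspace step above, as an added example that is not part of SureMDM or its documentation. It assumes openssl is installed and both files are PEM-encoded; the function name, exit codes and 30-day window are illustrative.

```shell
#!/bin/sh
# Added example (not SureMDM code): pre-upload check of an LDAP client .crt/.key pair.
# Assumptions: openssl is installed and both files are PEM-encoded.

# Usage: check_ldap_pair CERT KEY [MIN_DAYS]
# Returns 0 = ok, 2 = unreadable file, 3 = key/cert mismatch,
#         4 = certificate expires within MIN_DAYS, 5 = key file too permissive.
check_ldap_pair() {
    cert=$1; key=$2; min_days=${3:-30}

    # Both files must parse; an encrypted key fails here instead of prompting.
    if ! openssl x509 -in "$cert" -noout >/dev/null 2>&1; then
        echo "FAIL: $cert is not a readable PEM certificate"; return 2
    fi
    if ! openssl pkey -in "$key" -noout -passin pass: >/dev/null 2>&1; then
        echo "FAIL: $key is not a readable unencrypted PEM private key"; return 2
    fi

    # The public key inside the certificate must equal the one derived from the key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey)
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass:)
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: private key does not belong to this certificate"; return 3
    fi

    # Reject certificates that expire inside the safety window.
    if ! openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null; then
        echo "FAIL: certificate expires within $min_days days"; return 4
    fi

    # The private key should be readable by its owner only (mode 0600 or 0400).
    if [ "$(ls -ln "$key" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $key is accessible to group or others"; return 5
    fi

    echo "OK: $(openssl x509 -in "$cert" -noout -subject -enddate | tr '\n' ' ')"
}

# Run the check when the script is called with file arguments.
if [ "$#" -ge 2 ]; then
    check_ldap_pair "$@"
fi
```

A non-zero exit code identifies which check failed, so the script can gate an upload step in a provisioning runbook.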
Configuring the Domain Join Payload
Once the Domain Join Configuration is added, administrators can create a Linux profile with the Domain Join profile to apply the domain settings to devices.
Steps to Configure the Profile:
Go to the SureMDM console and navigate to Profiles.
Select Create Profile > Linux or edit an existing Linux profile.
In the profile configuration page, select Domain Join from the list of available payloads.
Select Enable Domain Join and select Server Type as Microsoft Entra Domain Services or Google Workspace from the drop-down.
Select the configuration added in Account Settings > Linux Management > Miscellaneous.
For Microsoft Entra Domain Services, select Binding Type:
- One-To-One:
  - One-To-One Binding is supported on SAML-based enrollments only. Please note that enabling SAML will require your IDP credentials to enroll all supported platform devices.
- Generic Binding:
  - Generic binding allows any user who belongs to the assigned Microsoft Entra ID group to log in via domain join configuration. In contrast, one-to-one binding restricts login to the specific user whose username was used during SAML enrollment.
Save the profile.
The newly created profile will be listed in the Profile List section.
Go back to the Home tab and select the Linux device(s) or group(s).
Click Apply to launch the Apply Job/Profile To Device prompt.
Select the profile under All Jobs/Profiles.
Click Apply in the Apply Job/Profile To Device prompt.
Note:
- Ensure the domain credentials and configurations provided are accurate to prevent errors during deployment.
- When using Microsoft Entra Domain Services, carefully choose the Binding Type:
  - One-to-one ensures device-specific login and is suitable for high-security environments.
  - Generic allows broader access for all domain users, ideal for shared or multi-user devices.
- Changes to the Domain Join Configuration will require updating the Linux profile and reapplying it to the devices.