Identity service configuration

Starting from UEM 3.0, MCM extends its capability to identify and manage devices based on users. Users can be identified by their associated attributes, including names, roles, group memberships, distribution list memberships, and physical locations. The devices identified through their users can then be targeted and managed through various configurations to provide conditional access and ensure compliance, endpoint security, and App protection.

Active Directory/LDAP

Active Directory is a Microsoft technology that provides a centralized authentication and authorization service for Windows-based computers. While Active Directory is primarily used in Windows environments, LDAP is more commonly used in heterogeneous environments that include different operating systems and directory services.

BigFix MCM offers many device enrollment options. One of the options is to configure Secure Lightweight Directory Access Protocol (LDAPS) authentication for Over-the-Air (OTA) enrollment. This limits enrollment to your MDM server to authorized users only.
To enable the BigFix MDM server to verify the user at the time of enrollment, the following information is required:
  • LDAPS URL
  • The Base Distinguished Name (base DN)
  • The Bind Distinguished Name (bind DN)
  • The bind password

This information is entered as part of the MDM admin steps for configuring the identity service on the WebUI Manage MDM server capability page.
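The following offline preflight check, added here as an example and not BigFix code, validates the four values above before they are entered in WebUI: it rejects a cleartext ldap:// URL (which would expose the bind password), applies the default LDAPS port 636, checks that the base DN and bind DN are syntactically DNs, and shows how the enrolling user's name must be escaped before it is placed in an LDAP search filter. The objectClass=user and sAMAccountName lookup is an assumption typical of Active Directory, not something the page specifies.

```python
"""Preflight for BigFix MDM identity-service LDAPS settings (added example,
stdlib only). Checks the LDAPS URL, base DN, bind DN and bind password
offline; it does not contact the directory."""
import re
from urllib.parse import urlsplit

# RFC 4515: characters that must be hex-escaped inside a filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

# Minimal RFC 4514 shape: "attr=value" RDNs separated by commas; "\," allowed in values.
_DN_RE = re.compile(
    r"^\s*[A-Za-z][A-Za-z0-9-]*=(?:[^,\\]|\\.)+"
    r"(?:,\s*[A-Za-z][A-Za-z0-9-]*=(?:[^,\\]|\\.)+)*\s*$"
)

def parse_ldaps_url(url: str) -> tuple[str, int]:
    """Return (host, port). Only ldaps:// is accepted: plain ldap:// would send
    the bind password and user credentials in cleartext."""
    parts = urlsplit(url)
    if parts.scheme.lower() != "ldaps":
        raise ValueError(f"scheme must be ldaps, got {parts.scheme!r}")
    if not parts.hostname:
        raise ValueError("LDAPS URL has no host")
    return parts.hostname, parts.port or 636

def is_valid_dn(dn: str) -> bool:
    return bool(_DN_RE.match(dn))

def escape_filter_value(value: str) -> str:
    return "".join(_FILTER_ESCAPES.get(c, c) for c in value)

def user_lookup_filter(username: str, attr: str = "sAMAccountName") -> str:
    """Filter a server would use to find the enrolling user; the user-supplied
    name is escaped so it cannot change the filter structure (LDAP injection)."""
    return f"(&(objectClass=user)({attr}={escape_filter_value(username)}))"

def preflight(url: str, base_dn: str, bind_dn: str, bind_password: str) -> list[str]:
    """Return a list of problems found; an empty list means the values look sane."""
    problems = []
    try:
        parse_ldaps_url(url)
    except ValueError as exc:
        problems.append(f"LDAPS URL: {exc}")
    if not is_valid_dn(base_dn):
        problems.append("base DN is not a valid DN")
    if not is_valid_dn(bind_dn):
        problems.append("bind DN is not a valid DN")
    if not bind_password:
        problems.append("bind password is empty")
    return problems
```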

Azure Active Directory (Azure AD)

Organizations can use Azure AD to manage user identities and control access in on-premises, hybrid, and cloud environments. Azure AD helps centralize identity and access management (IAM) to enable secure and productive access between apps, devices, services, and infrastructure.

Configure Identity Service

To configure the identity service for your organization through WebUI, follow the instructions at Manage MDM server capability.
Important: The default setting for Identity Service is no-auth. To take advantage of identity-based management capabilities, you need to configure AD/LDAP or Azure AD.

Troubleshoot

To troubleshoot LDAP and Azure AD connectivity issues, read the following topics: