One of the common business challenges is to simplify the life of the employees, adopting one or more Single Sign On solutions.
What is Single Sign On (SSO)?
Single Sign On is a solution that let to use a unique user account across all the company’s services and software tools. The employee has to know only one username and one password to login into the email, ERP or wifi network.
A lot of companies uses Office 365, Microsoft 365 or Azure and they want to extend SSO onto all the mobile devices’ fleet.
Thanks to an MDM like Chimpa MDM, administrators can manage Microsoft SSO from the enrollment to the user enviroment.
Zero-touch Enrollment and Managed Apple ID
Thanks to Apple Business Manager or Apple School Manager, devices can be configured in a blink of an eye. In fact, after connecting Apple portal with Chimpa MDM, devices must be switched on and it will receive automatically all the configurations over-the-air.
Admin has to enable Azure federation on Apple Business Manager. As a result, users can leverage their Azure AD usernames (User Principal Name) and passwords as Managed Apple IDs.
Chimpa MDM allows integration with Azure on Chimpa Admin, so the users can insert their Microsoft account to authorize the Remote Management phase.
Admin has to create a rule that assigns and auto installs Microsoft Apps from Chimpa Admin, using VPP licensing.
Note: It is very important that Microsoft Authenticator app is installed because it will manage the SSO procedures.
Another thing to do on the Chimpa Admin is to create a configuration profile containing the Extensible SSO payload, compatible from iOS 13 and iPadOS 13.
Additional info for this configuration are available at this link.
At this point, users unbox the new received device that was prepared to follow the zero-touch configuration and the enrollment with Chimpa MDM.
Follow the Setup Assistant after powering on the device, set country, language, wifi or cellular connection. After some seconds, Remote Management screen will popup. User can easily authenticate via a Microsoft account thanks to the integration between Chimpa MDM and Azure SSO.
The device has been enrolled on Chimpa MDM and automatically starts to download work apps, settings and restrictions.
User could add its own Managed Apple ID using Azure federation and, one more time, the Microsoft account in one app.
In fact, after this “last” authentication, Microsoft Authenticator app will assist every access on compatible apps and sites.