airwatchhk

WSO UEM + Azure AD SAML SSO

Updated: Mar 26, 2023

Many organizations are adopting a best-of-breed approach to build their own remote workspace. In this post, I am going to show you how to integrate WSO UEM with Azure AD to provide SSO.


The user is redirected to the Azure AD login screen during device enrollment to WSO UEM.



This is the official guide to get the best UEM and the best IdP to work together.



I was following the tutorial to get things set up. However, I realized four important steps were missing from the tutorial.


The first one is the reply URLs on the Azure side. Please make sure you have all the listed URLs specified.


The second one is on the WSO UEM side. Please make sure you have directory enrollment enabled.



The third one is the NameID Format on the UEM console. Please use "Unspecified" instead of "Email address".



The last one is the domain in the "user" setting. Please use "WAAD" on all occasions.



Account synchronization has not been set up in my demo. Instead, a dummy basic account is created on the UEM side.


In a production environment, ACC is required to synchronize user accounts from on-premises AD to UEM. Please see the tech note for details:

In this demo, a dummy basic account with the same Azure account name was created. It is not necessary to make the password identical for the Azure and UEM accounts.


It is also a good idea to populate the User Principal Name field of the dummy testing account with the same value as the email address.



With the two additional configurations and a dummy account, the WSO UEM + Azure AD SAML SSO demo is complete. We are now ready to run a test.


In case you cannot get authenticated, please first make sure you have the Enterprise App Airwatch assigned to your testing account.



If you have already done that, please review your attribute mapping on Azure and UEM.


To troubleshoot, you can use a SAML tracing tool for the Chrome browser.



With a tracer, you will get to see SAML in action.
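As an added example (not from the original post or from any vendor documentation), this Python script decodes a base64 `SAMLResponse` value copied from the tracer and compares its Destination, NameID Format and attribute names with the values you expect from your own Azure and UEM settings. The sample response, the host name `uem.example.com` and the attribute names are constructed placeholders.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
FMT = "urn:oasis:names:tc:SAML:1.1:nameid-format:"

# Constructed sample response (placeholder host, user and attribute names).
SAMPLE_XML = f"""<samlp:Response xmlns:samlp="{NS['samlp']}"
 xmlns:saml="{NS['saml']}" Destination="https://uem.example.com/saml/acs">
 <saml:Assertion><saml:Subject>
  <saml:NameID Format="{FMT}emailAddress">user1@example.com</saml:NameID>
 </saml:Subject><saml:AttributeStatement>
  <saml:Attribute Name="uid"><saml:AttributeValue>user1</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement></saml:Assertion></samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()


def inspect_saml_response(b64_response, reply_urls, nameid_format, attrs):
    """Compare a captured SAMLResponse with the expected settings.

    Diagnostic only: the signature is NOT verified, so never use this
    to make an authentication decision.
    """
    root = ET.fromstring(base64.b64decode(b64_response))
    findings = []
    dest = root.get("Destination")
    if dest not in reply_urls:
        findings.append(f"Destination {dest!r} is not a configured reply URL")
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None:
        findings.append("assertion has no NameID")
    else:
        # A NameID without a Format attribute is treated as unspecified.
        sent = name_id.get("Format", FMT + "unspecified")
        if sent != nameid_format:
            findings.append(f"NameID Format {sent!r} differs from {nameid_format!r}")
    sent_attrs = {a.get("Name") for a in root.iterfind(".//saml:Attribute", NS)}
    for name in sorted(set(attrs) - sent_attrs):
        findings.append(f"attribute {name!r} is missing from the assertion")
    return findings


if __name__ == "__main__":
    for line in inspect_saml_response(
            SAMPLE_B64, {"https://uem.example.com/saml/acs"},
            FMT + "unspecified", {"uid", "email"}):
        print(line)
```

An empty result means the captured response matches the expectations you passed in; each finding names the setting to recheck on the Azure or UEM side.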


You can also choose to use SSO in three cases: administrator authentication, device enrollment authentication and self-service portal authentication.


