Hello,
Is it possible to use Azure AD with a SAML integration with AirWatch (which is in hybrid mode; I have an on-premises AD too)?
I have some authentication errors when I try to reach an Azure AD domain from a laptop.
Here is my configuration on AirWatch:
In Directory Services, as I have my internal AD, in the Server tab I have:
Directory type: LDAP - AD
Use SAML for authentication: enabled
Enable SAML for: Enrollment/Self Service Portal
Use new SAML authentication endpoint: enabled
-- In SAML 2.0:
Service Provider ID: Airwatch
Identity Provider ID: url with AAD tenant
-- In Request:
Request binding type: POST
Authentication response security: None
Identity Provider SSO URL: https://login.microsoftonline.com/mytenant/saml2
NameID Format: email address
-- In Response:
Response Binding Type: POST
Authentication response security: None
-- In Certificate:
Azure AD integration: Enabled
Directory ID: my tenant
Use AD for identity Services: Enabled
In the User tab:
I have my domain and my Base DN configured, and:
User Object Class: person
User search filter: (&(ObjectCategory=person)(sAMAccountName={EnrollmentUser}))
No custom attributes
My questions: should I put None in Directory Type like I've read in some documentation? Should I write custom attributes and a new Base DN to fit with AAD?
Thank you for your help.
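The user search filter quoted in the post above, (&(ObjectCategory=person)(sAMAccountName={EnrollmentUser})), has the enrolling user's name substituted into an LDAP filter at runtime. The example below is added here and is not code from the thread or from AirWatch; it assumes the placeholder is replaced with a plain string and shows what a safe substitution looks like (RFC 4515 escaping of the value), plus a small leaf-assertion parser that makes visible why the escaping matters. Whether AirWatch escapes the placeholder itself is not stated on the page, so treat the substitution logic as an illustration, not as a description of the product. The usernames are constructed sample values.

```python
import re

# Template exactly as it appears in the AirWatch Directory Services User tab.
USER_SEARCH_FILTER_TEMPLATE = "(&(ObjectCategory=person)(sAMAccountName={EnrollmentUser}))"

# RFC 4515 says these characters must be hex-escaped inside a filter assertion value.
# Backslash is listed first so already-escaped sequences are not double-processed.
_RFC4515_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_ldap_filter_value(value: str) -> str:
    """Escape a string so it can only ever be an assertion *value*, never filter syntax."""
    return "".join(_RFC4515_ESCAPES.get(ch, ch) for ch in value)


def build_user_search_filter(enrollment_user: str,
                             template: str = USER_SEARCH_FILTER_TEMPLATE) -> str:
    """Substitute {EnrollmentUser} with an escaped value (assumed substitution logic, not AirWatch's)."""
    return template.replace("{EnrollmentUser}", escape_ldap_filter_value(enrollment_user))


def leaf_assertions(ldap_filter: str) -> list:
    """Return the (attribute, value) leaf assertions of a filter.

    After RFC 4515 escaping no raw parentheses survive inside a value, so every
    '(...)' group that contains no nested parentheses is one leaf assertion.
    """
    leaves = []
    for item in re.findall(r"\(([^()]+)\)", ldap_filter):
        attr, _, value = item.partition("=")
        leaves.append((attr, value))
    return leaves


if __name__ == "__main__":
    # Constructed sample: a normal username and one carrying filter metacharacters.
    for user in ("jdoe", "a)(objectClass=*"):
        safe = build_user_search_filter(user)
        print(safe, "->", leaf_assertions(safe))
```

With a normal username the filter has the two assertions the administrator intended. With the second constructed value the escaped filter still has exactly two assertions, whereas a naive string replacement would yield a three-assertion filter whose third clause, objectClass=*, matches every object in the base DN. Checking the leaf count of the substituted filter against the template's is a cheap invariant to assert in any integration code that builds filters from user input.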
Hi,
I think you don't have to set Directory Type to None.
Your case may fit [Hybrid Azure AD Model using Azure AD Connect] in the following Tech Zone document:
https://techzone.vmware.com/enrolling-windows-10-devices-using-azure-ad-workspace-one-uem-operationa...
Hi, thanks for the reply!
Finally we created another OG which is configured to reach our Azure AD.
But we still have a problem when we try to enroll a PC through the Access Work or School setting in Windows 10, with our AAD account:
"The resource principal named <mdm url> was not found in the tenant named xxxx. This can happen if the application has not been installed by the admin of the tenant or consented to by any user in the tenant. you might have sent your authentication request to the wrong tenant"
Anyone ever had this issue?
Thanks!
Hi,
I have successfully set up an Azure AD with SAML integration by using the blog by Charlie Hodge here:
This should be enough to guide you.