Identity service configuration
Starting from UEM3.0, MCM extends the capability to identify and manage devices based on users. The users can be identified based on their associated attributes including names, roles, group memberships, distribution list memberships, or physical locations. The devices identified based on users can then be targeted and managed through various configurations to provide conditional access and ensure compliance, endpoint security, and App protection.
Active Directory/LDAP
Active Directory is a Microsoft technology that provides a centralized authentication and authorization service for Windows-based computers. While Active Directory is primarily used in Windows environments, LDAP is more commonly used in heterogeneous environments that include different operating systems and directory services.
BigFix MCM offers many device enrollment options. One of the options is to configure Secure Lightweight Directory Access Protocol (LDAPS) authentication for Over-the-Air (OTA) enrollment. This limits enrollment to your MDM server to authorized users only. LDAPS authentication requires the following information:
- LDAPS URL
- The Base Distinguished Name (base DN)
- The Bind Distinguished Name (bind DN)
- The bind password
This information is entered as part of the MDM admin steps to configure the identity service on the Manage MDM server capability page in WebUI.
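A pre-flight check for the four values listed above, as an added example that is not part of BigFix MCM or its documentation: it rejects a non-LDAPS URL, malformed DNs and an empty bind password before the values are entered in WebUI. The function names and sample values are constructed for illustration, and the DN parsing is simplified.

```python
import re
from urllib.parse import urlsplit

# RDN = attribute type (descriptor or numeric OID), "=", non-empty value.
_RDN = re.compile(r"^\s*([A-Za-z][A-Za-z0-9-]*|\d+(\.\d+)*)\s*=\s*\S")

def split_dn(dn):
    """Split a DN on unescaped commas (simplified: no quoted values, no '+')."""
    rdns, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur, i = cur + dn[i:i + 2], i + 2   # keep the escaped pair together
        elif dn[i] == ",":
            rdns.append(cur)
            cur, i = "", i + 1
        else:
            cur, i = cur + dn[i], i + 1
    return rdns + [cur]

def check_ldaps_settings(url, base_dn, bind_dn, bind_password):
    """Return a list of problems; an empty list means the values look sane."""
    problems = []
    parts = urlsplit(url)
    if parts.scheme.lower() != "ldaps":
        problems.append("LDAPS URL: scheme must be ldaps://, not " + repr(parts.scheme))
    if not parts.hostname:
        problems.append("LDAPS URL: missing host name")
    try:
        parts.port  # raises ValueError for a non-numeric or out-of-range port
    except ValueError:
        problems.append("LDAPS URL: invalid port")
    for label, dn in (("base DN", base_dn), ("bind DN", bind_dn)):
        bad = [r for r in split_dn(dn) if not _RDN.match(r)]
        if bad:
            problems.append(f"{label}: malformed RDN {bad[0]!r}")
    # RFC 4513: a DN with an empty password is an "unauthenticated bind".
    if not bind_password:
        problems.append("bind password: empty")
    return problems

# Constructed sample values, not taken from any real deployment.
GOOD = ("ldaps://dc01.example.com:636", "DC=example,DC=com",
        "CN=svc-mdm\\, enroll,OU=Service Accounts,DC=example,DC=com", "constructed-pw")
BAD = ("ldap://dc01.example.com:389", "example.com",
       "CN=svc-mdm,OU=Service Accounts,DC=example,DC=com", "")

if __name__ == "__main__":
    for cfg in (GOOD, BAD):
        print(check_ldaps_settings(*cfg) or "ok")
```

This checks syntax only; it does not contact the directory, so a successful bind against the LDAPS URL is still the final confirmation.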
Azure Active Directory (Azure AD)
Organizations can use Azure AD to manage user identities and control access in on-premises, hybrid, and cloud environments. Azure AD helps centralize identity and access management (IAM) to enable secure and productive access between apps, devices, services, and infrastructure.