By integrating your mobile device management (MDM) solution with Active Directory, you can import your
class roster and school's hierarchy. The integration gives you seamless control over importing your
school's hierarchy and supports single sign-on (SSO) for teachers.
In this article we share some best practices for integrating AD with the MDM and getting
all the user data ready for the Apple deployment for the next school year! But before...
Do you know how Active Directory works?
If not, here is what you need to know in one sentence: basically, Active Directory
is a directory service that authenticates users (like the students and teachers of your
educational institution) and devices (such as iPads and Mac computers) in a Windows domain network.
When using Active Directory, school admins are able to:
- Organize users subject to the organization's domain password policies;
- Use the same institutional credentials of students and teachers to authenticate
and gain authorization to secured resources;
- Configure the attributes needed to issue user and machine certificate
identities from an Active Directory Certificate Services server;
- Automatically traverse a Distributed File System (DFS) namespace and
mount the appropriate underlying Server Message Block (SMB) server.
Check out some tips to integrate AD smoothly:
- To integrate Active Directory with the MDM solution, the Active Directory server's IP must be
public-facing, as it needs to be reachable by the MDM server.
- It is possible to connect using a WAN IP, as long as the firewall is
properly configured to allow the traffic from the MDM server to the Domain Controller/Active Directory Server.
- Remember: only Active Directory version 3 supports more than 1000 entries.
- It's important to verify that the IPs of the MDM solution are allowed
within the firewall settings of the school's network.
- Check the port! Port 389 is the default for non-SSL connections and port 636 for
those using an SSL security certificate. While it's possible to configure any
port, try to avoid other commonly used ports, such as port 22, in this case.
- If you are using an SSL security certificate, the MDM solution will also need
the DC root certificate and the LDAP certificate combined as one.
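One way to check the firewall side of these tips before enabling the sync, as an added example (not Mosyle's code): it confirms that every MDM source address can reach the chosen LDAP port and reports any rule that opens an LDAP port to other sources. The rule format, the function name and the addresses are assumptions; the IPs are placeholders from documentation ranges, so substitute the list your MDM vendor publishes.

```python
import ipaddress

# Default ports named in the tips above.
DEFAULT_PORTS = {389: "non-SSL", 636: "SSL"}

def audit_ldap_rules(rules, mdm_sources, ldap_port):
    """Audit inbound firewall rules in front of the Domain Controller.

    rules:       list of {"source": CIDR, "port": int, "action": "allow"|"deny"}
                 (hypothetical export format, adapt to your firewall)
    mdm_sources: CIDRs the MDM server connects from
    ldap_port:   port entered in the MDM integration settings
    """
    mdm_nets = [ipaddress.ip_network(s) for s in mdm_sources]
    allows = [(ipaddress.ip_network(r["source"]), r["port"])
              for r in rules if r["action"] == "allow"]

    def within(inner, outer):
        return inner.version == outer.version and inner.subnet_of(outer)

    findings = []
    # 1. Each MDM range needs an allow rule on the configured port.
    for net in mdm_nets:
        if not any(p == ldap_port and within(net, src) for src, p in allows):
            findings.append(f"MISSING: {net} cannot reach port {ldap_port}")
    # 2. Assumption: "properly configured" means LDAP ports admit MDM ranges only.
    for src, port in allows:
        if port in (389, 636, ldap_port) and not any(within(src, n) for n in mdm_nets):
            findings.append(f"TOO BROAD: {src} allowed to port {port}")
    # 3. Note when the integration itself uses the non-SSL default.
    if DEFAULT_PORTS.get(ldap_port) == "non-SSL":
        findings.append("NON-SSL: integration uses port 389; 636 is the SSL default")
    return findings

# Constructed sample data (placeholder addresses, not real MDM IPs).
MDM_SOURCES = ["203.0.113.10/32", "203.0.113.11/32"]
SAMPLE_RULES = [
    {"source": "203.0.113.10/32", "port": 636, "action": "allow"},
    {"source": "0.0.0.0/0", "port": 389, "action": "allow"},
    {"source": "198.51.100.0/24", "port": 443, "action": "allow"},
]

if __name__ == "__main__":
    for line in audit_ldap_rules(SAMPLE_RULES, MDM_SOURCES, 636):
        print(line)
```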
Easy Integration with Mosyle Manager:
Active Directory has many ways of organizing data, so it's necessary
to have options when mapping and/or binding attributes and variables. This
process can be challenging, so we have created a very intuitive interface
that simplifies it while offering more flexibility for Active Directory integration.
After enabling the structure sync in the Active Directory integration, the admin can
enter any attribute to import and bind Students, Teachers, Grade Levels and Class Periods. You can read more
about this feature in our Release Notes.
Leave a comment or tweet us if you have any questions about integrating Active Directory with your MDM solution!