The latest version of XenMobile Server adds a feature that lets end users enroll their Windows, iOS and Android devices in XenMobile Server with their Azure Active Directory credentials. In this setup, Azure Active Directory is the identity provider and XenMobile Server acts as the service provider.
To enable this use case, an administrator needs to set up the following:
1. Configure the On-Premise MDM application in Azure Active Directory.
2. Configure Azure Active Directory as an identity provider in XenMobile Server.

1. Log in to the Azure portal (https://portal.azure.com). After logging in, click Azure Active Directory → Mobility (MDM and MAM), then click Add.
2. In the Add an application pane, click On-Premise MDM application. Provide the name of the application and click Add.
3. Select the application that you created.
   - Under the Configure pane, select the targeted MDM user group.
   - Set the MDM Terms of Use URL to “https://<XMS Enrollment FQDN>:8443/zdm/wpe/tou”.
   - Set the MDM Discovery URL to “https://<XMS Enrollment FQDN>:8443/zdm/wpe”, then save the configuration.

   Now click “On-Premise MDM application settings”.
4. In the Properties pane, set the App ID URI to “https://<XMS Enrollment FQDN>:8443” and note the Application ID (you will use it as the Client ID in the XenMobile configuration). Note: The App ID URI is a unique ID that cannot be used again in any other app.
5. Click the Keys tab and create an authentication key by providing a Description and Expiry. Save the configuration to view the key value. Note: The key value is displayed only after the configuration has been saved.
6. The Tenant ID can be found under Help (?) → Show diagnostics. Look for the Tenant ID in the pop-up page.

1. Log in to the XenMobile server using a browser. Go to Settings and, under Authentication, click Identity Provider (IDP).
2. Under Identity Provider (IDP), click Add.
3. Fill in the identity provider details:
   1. Provide the IDP Name (enter a name of your choice).
   2. Select Azure Active Directory as the IDP Type from the drop-down.
   3. Provide the Tenant ID that you noted in the previous section.
   4. Scroll down and click Next.

   Note: The other details are pre-populated automatically after you provide the Tenant ID.
5. If you plan to manage Windows 10 devices, provide the App ID URI, Client ID and Key details that you collected in the previous section. Click Next.
6. Under Secure Hub, all the details are pre-populated. Click Next to continue.
7. Under the IDP Claims Usage section, select UserPrincipalName as the User identifier type. The User Identifier String is pre-populated automatically. Click Next.
8. Review the summary, then save the configuration.
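
A pre-flight check for the values collected in the two procedures above, as an added example that is not part of the original article or of any Citrix tooling. The setting names, the 30-day warning window, and the sample FQDN and IDs are assumptions made for illustration.

```python
import re
from datetime import date

GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")

def expected_urls(fqdn):
    """URL values the steps above derive from the XMS enrollment FQDN."""
    base = f"https://{fqdn}:8443"
    return {"app_id_uri": base,
            "discovery_url": base + "/zdm/wpe",
            "terms_of_use_url": base + "/zdm/wpe/tou"}

def check_settings(fqdn, s, today, warn_days=30):
    """Return a list of problems in the recorded settings dict `s`.
    Only the key's expiry date is recorded, never the key value itself."""
    problems = []
    for name, want in expected_urls(fqdn).items():
        got = s.get(name, "")
        if re.search(r"\s", got):
            problems.append(f"{name}: contains whitespace")
        elif not got.startswith("https://"):
            problems.append(f"{name}: scheme must be https")
        elif got != want:
            problems.append(f"{name}: expected {want}")
    for name in ("tenant_id", "client_id"):  # both are GUIDs in Azure AD
        if not GUID.match(s.get(name, "")):
            problems.append(f"{name}: not a GUID")
    days_left = (s["key_expiry"] - today).days
    if days_left < 0:
        problems.append("key: expired")
    elif days_left < warn_days:
        problems.append(f"key: expires in {days_left} days")
    return problems

# Constructed sample (hypothetical FQDN and IDs, not values from the article).
SAMPLE = {
    "app_id_uri": "https://enroll.example.com:8443",
    "discovery_url": "https:// enroll.example.com:8443/zdm/wpe",  # stray space
    "terms_of_use_url": "http://enroll.example.com:8443/zdm/wpe/tou",
    "tenant_id": "11111111-2222-3333-4444-555555555555",
    "client_id": "not-a-guid",
    "key_expiry": date(2030, 1, 10),
}

if __name__ == "__main__":
    for p in check_settings("enroll.example.com", SAMPLE, date(2030, 1, 1)):
        print("WARN", p)
```

Tracking the key's expiry matters because the key entered in XenMobile for Windows 10 management stops being valid once the expiry chosen in the Keys tab passes.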

1. On your iOS device, download Secure Hub from the App Store. Launch Secure Hub, provide the enrollment FQDN and click Next.
3. On the “Enroll Your iPhone” pop-up, tap Yes, Enroll.
4. Secure Hub is now redirected to the Microsoft login screen. Enter the Azure Active Directory credentials and click Sign in.
5. On successful authentication, the Enrollment in progress status is displayed.
6. The certificate and profile are pushed down to the device. The end user has to install the enrollment certificate and profile.
7. Once the enrollment is completed, the user is asked to set a Citrix PIN for Secure Hub.
8. After setting the Citrix PIN, the user can view and access the apps they are entitled to.