Xinca lets you enroll users from Microsoft Azure through an automated process by presenting a web clip on the user's device. This web clip enables authentication through Microsoft Azure, imports the user into Xinca and links the Azure account to the iPad in use.
Microsoft Azure ZMS implementation and setup details:
Step 1: Azure > Login
Log in with your Azure Admin account.
Step 2: Azure > Active Directory: Create Application for ZMS
- Within the Azure Active Directory folder create an application named ZMS.
- App Registrations > New application registration
- Name > XMS
- Application type: Web app / API
- Sign-on URL: https://www.xincamdm.com/manage/link.html
- Select your application, find the Application ID and copy it to the clipboard.
- Generate a key: click Keys, enter a Key description (XMS key) and select expires in 1 year.
The key will be displayed when these settings are saved. Copy the key to the clipboard; once you leave the page the key will not be visible.
- General > Properties
- Click Reply URLs; this needs to be a validated reply domain (or domains).
- Reply URL: https://xincamdm.com/manage/link.html
Some information that becomes available after creating the app is needed in the following steps.
After creating the application, make a note of the endpoints, which are created automatically. You can expose the endpoints by going back to “App Registrations” and clicking the “Endpoints” button at the top of the view.
Please copy the following endpoints to the clipboard:
- OAuth 2.0 Token Endpoint.
- OAuth 2.0 Authorization Endpoint.
Step 3: Azure > API Management Services: Create API ZMS
Create an API to connect the application with the login / SSO, named ZMS[company].
When the API service is activated:
- Select security > OAuth2 click Add:
- Client registration page URL: https://www.xincamdm.com/manage/
- Authorization grant types > Authorization code
- Authorization endpoint URL: https://login.microsoftonline.com/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/oauth2/authorize
- Authorization request method: GET & POST
- Token endpoint URL: https://login.microsoftonline.com/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/oauth2/token
- Application ID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx. This is the application ID generated at step 2.
- Client Secret: XXXXXXXXXXXXXXXXXXXXXXX. This is generated only once and shown when the application key has been generated at step 2. Please be aware that the Client Secret is only shown once, while saving the Active Directory application.
Step 4: Apply settings in Xinca
Apply the Microsoft Azure settings in Xinca via Organization > Settings > Authentication. Setting the Authentication Method to Microsoft Azure enables you to enter the appropriate values:
- Key: Application Client Id, found in the Azure Application configuration.
- Secret: Application Secret, generated after setting a key and saving the Azure application.
- Authorization Endpoint: Application Endpoint, exposed when viewing the Azure application Endpoints.
- Token Endpoint: Application Endpoint, exposed when viewing the Azure application Endpoints.
- Callback URL: Application Reply Url, found in the Azure Application configuration.
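A pre-flight check for the five values entered in Step 4, as an added example (not Xinca or Microsoft code). The dictionary keys, function names and sample GUID are constructed for illustration, and the Callback URL is compared as an exact string on the assumption that it must equal a Reply URL registered in Step 2.

```python
import re
from urllib.parse import urlsplit

GUID = r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"
LOGIN_HOST = "login.microsoftonline.com"  # host shown in the Step 3 endpoint URLs
T = "11111111-2222-3333-4444-555555555555"  # constructed directory GUID
# Constructed sample of the Step 4 fields; the key names are hypothetical.
SAMPLE = {
    "key": "aaaaaaaa-0000-4000-8000-aaaaaaaaaaaa",
    "secret": "constructed-secret-value",
    "authorization_endpoint": f"https://{LOGIN_HOST}/{T}/oauth2/authorize",
    "token_endpoint": f"https://{LOGIN_HOST}/{T}/oauth2/token",
    "callback_url": "https://xincamdm.com/manage/link.html",
}

def _directory(url, suffix, label, problems):
    """Return the GUID in an endpoint path, recording a problem if malformed."""
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname != LOGIN_HOST:
        problems.append(f"{label}: expected https://{LOGIN_HOST}/...")
        return None
    m = re.fullmatch(rf"/({GUID}){re.escape(suffix)}", parts.path)
    if not m:  # also catches a stray space pasted between the GUID and the path
        problems.append(f"{label}: path must be /<GUID>{suffix}")
        return None
    return m.group(1).lower()

def check_settings(s, registered_reply_urls):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    if not re.fullmatch(GUID, s["key"]):
        problems.append("Key: Application ID is not a GUID")
    if not s["secret"]:
        problems.append("Secret: empty")
    auth = _directory(s["authorization_endpoint"], "/oauth2/authorize",
                      "Authorization Endpoint", problems)
    token = _directory(s["token_endpoint"], "/oauth2/token",
                       "Token Endpoint", problems)
    if auth and token and auth != token:
        problems.append("endpoints belong to different directories")
    # Exact string comparison: www.xincamdm.com and xincamdm.com are different hosts.
    if s["callback_url"] not in registered_reply_urls:
        problems.append("Callback URL is not one of the registered Reply URLs")
    return problems

if __name__ == "__main__":
    print(check_settings(SAMPLE, ["https://xincamdm.com/manage/link.html"]))
```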
Microsoft Azure Device and user Flow:
- Special Microsoft Azure web clip on user device
- When a user starts with a new device and the device has not yet been linked / associated with a user, the device will show a web clip that the user can activate. This enables the user to authenticate via Microsoft Azure.
- Select Microsoft Account
- After clicking the web clip, the user is redirected to Microsoft Azure, where the user can log in.
- XMS Sign in permission
- Accept the XMS sign in and read your profile message.
- XMS Message
- After a successful login the user is registered in Xinca and linked to the device.